Tuesday, July 22, 2014

Google APIs: checking the scopes contained in an OAuth2 access token

When you've stored an OAuth2 access/refresh token pair for a long time, you might no longer be sure which scopes it grants access to.

In that case, just pass the access token to the tokeninfo endpoint:


The output looks like this:

{
 "issued_to": "407408718192.apps.googleusercontent.com",
 "audience": "407408718192.apps.googleusercontent.com",
 "user_id": "1170123456778279183758",
 "scope": "https://www.googleapis.com/auth/userinfo.email",
 "expires_in": 3585,
 "email": "someone@yourdomain.com",
 "verified_email": true,
 "access_type": "offline"
}
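
When auditing a stored token, the fields to check in that response are the audience (it should be your own client ID) and the space-delimited scope list. The following is an added example, not code from the original post: it audits a tokeninfo body offline, using a sample JSON constructed from the output above; `audit_tokeninfo` and its policy arguments are hypothetical names.

```python
import json

# Constructed sample response, modelled on the tokeninfo output shown above,
# with a second scope added to show the space-delimited "scope" format.
SAMPLE_TOKENINFO = """{
 "issued_to": "407408718192.apps.googleusercontent.com",
 "audience": "407408718192.apps.googleusercontent.com",
 "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive",
 "expires_in": 3585,
 "access_type": "offline"
}"""


def audit_tokeninfo(raw, expected_audience, allowed_scopes, required_scopes=()):
    """Return a list of findings for a tokeninfo JSON body; empty means OK.
    The three policy arguments are hypothetical inputs chosen by the caller."""
    try:
        info = json.loads(raw)
    except ValueError:
        return ["response is not valid JSON"]
    if not isinstance(info, dict):
        return ["response is not a JSON object"]
    if "error" in info:  # assumption: rejected tokens come back with an "error" field
        return ["tokeninfo rejected the token: %s" % info["error"]]
    findings = []
    # The token must have been issued for our own client ID; otherwise a token
    # obtained by a different application is being presented to us.
    if info.get("audience") != expected_audience:
        findings.append("audience mismatch: %r" % info.get("audience"))
    # "scope" is a single string with scopes separated by spaces.
    granted = set(str(info.get("scope", "")).split())
    for scope in sorted(granted - set(allowed_scopes)):
        findings.append("unexpected scope: " + scope)
    for scope in sorted(set(required_scopes) - granted):
        findings.append("missing scope: " + scope)
    try:
        remaining = int(info.get("expires_in", 0))
    except (TypeError, ValueError):
        remaining = 0
    if remaining <= 0:
        findings.append("token is expired or reports no lifetime")
    return findings


if __name__ == "__main__":
    email = "https://www.googleapis.com/auth/userinfo.email"
    client_id = "407408718192.apps.googleusercontent.com"
    for finding in audit_tokeninfo(SAMPLE_TOKENINFO, client_id, [email]):
        print(finding)
```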

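Of course you can also do this with a library. In Java:

// Build the Oauth2 service client; no credential is passed because the token is supplied explicitly below.
Oauth2 oauth2 = new Oauth2.Builder(new NetHttpTransport(), new JacksonFactory(), null).build();
// Returns the token's metadata (scope, audience, expiry) as reported by the tokeninfo endpoint.
return oauth2.tokeninfo().setAccessToken(yourAccessToken).execute();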

You'll need the following dependency:


