OAuth 2.0 Framework and Social Login

Dasuni Anupama
Oct 7, 2018

This post gives an introduction to OAuth 2.0 and walks through implementing an OAuth 2.0 client that accesses the Google Drive API from your own application.

What is OAuth 2.0?

OAuth 2.0 (RFC 6749) is a framework for delegated authorization: it lets a third-party application access some of a user's resources on the user's behalf, with the user's consent, without the application ever seeing the user's password. On its own, OAuth 2.0 does not authenticate the user to the application. The federated identity or "social login" use case, where a user signs in to an application with a Google or Facebook account, is provided by OpenID Connect, an identity layer built on top of the OAuth 2.0 authorization code flow that adds an ID token describing the authenticated user.

There are four main roles in OAuth 2.0.

1. Resource Owner: the entity, usually the end user, that owns the protected resources and can grant access to them.

2. Client: the application that wants to access the protected resources on the resource owner's behalf.

3. Authorization Server: the server that authenticates the resource owner, obtains consent and issues access tokens to the client.

4. Resource Server: the server hosting the protected resources; it accepts requests that carry a valid access token.

In the example later in this post, you are the resource owner, the sample application is the client, Google's OAuth 2.0 service is the authorization server and the Google Drive API is the resource server.

Why We Need OAuth?

Before OAuth 2.0, if an application wanted to access your data held by another service, you had to hand your account credentials for that service to the application. Take, for example, an application that suggests who your Facebook best friends are. To use it, you would have to give it your Facebook username and password. The application would then have full control of your account, could do anything you can do, and might even store your credentials. Data security is a crucial concern, so such applications cannot simply be trusted with a password. That is the problem OAuth 2.0 was designed to solve: the application receives a scoped, revocable access token instead of your password.

Endpoints

  • Redirection Endpoint — Provided by the client application and registered with the authorization server in advance. After the user grants or denies access, the authorization server sends the user's browser back to this URI carrying the authorization code (or an error). The authorization server should only redirect to pre-registered URIs and should compare them exactly, because an attacker who can steer the redirect to a URI they control can capture the code.
  • Authorization Endpoint — Hosted by the authorization server. The client sends the user's browser here to initiate the authorization process; this is where the user authenticates and gives consent.
  • Token Endpoint — Hosted by the authorization server. The client calls it directly (server to server, not through the browser) to exchange an authorization grant, such as an authorization code or a refresh token, for an access token.

Grant Types

A grant type is the way a client obtains an access token. RFC 6749 defines four grant types, and the token endpoint also accepts a refresh token as a grant, which is why it is commonly counted as a fifth. They are,

  • Authorization Code grant type — The flow of implementing this grant type is shown in the diagram below. The client redirects the user's browser to the authorization endpoint with its client ID, redirect URI, requested scopes and a random state value; the user signs in and consents; the authorization server redirects the browser back to the redirect URI with a short-lived authorization code; the client checks that the returned state matches the one it sent and then exchanges the code at the token endpoint, authenticating with its client secret, for an access token (and usually a refresh token). The browser never sees the access token. Public clients that cannot keep a secret (mobile and single-page apps) should add PKCE (RFC 7636) so that a stolen code cannot be exchanged by anyone else.
  • Implicit grant type — Designed for applications that run entirely in the browser (JavaScript applications): the access token is returned directly in the redirect URL fragment, with no code exchange. Because the token is exposed to the browser history, referrers and any script on the page, and cannot be bound to the client, the OAuth 2.0 Security Best Current Practice discourages it; browser apps should use the authorization code grant with PKCE instead.
  • Password grant type — Also called the Resource Owner Password Credentials grant. The user gives their username and password directly to the client application, which forwards them to the authorization server in exchange for an access token. This reintroduces the password-sharing problem OAuth was meant to remove, so it is only appropriate for highly trusted first-party clients, if at all.
  • Client Credentials grant type — The client application sends its own client ID and secret to the token endpoint to obtain an access token for resources it owns or is authorized to use itself. No end user is involved; this is the machine-to-machine case.
  • Refresh Token grant type — Used to obtain a new access token when the current one has expired, without sending the user through consent again. The refresh token's lifetime and reuse rules are set by the authorization server: it may expire, it can be revoked, and many servers rotate it, issuing a new refresh token with each use and invalidating the old one. A client should therefore always store the newest refresh token it receives and treat a refresh failure as a signal to re-run the authorization flow.
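The authorization code exchange described above, written out from the client's side as an added example (this is not code from the original post): it builds the authorization URL with a random state and a PKCE challenge, rejects a callback whose state does not match, forms the token request and validates the token response. The endpoint URLs, client ID, secret, codes and tokens are constructed placeholders, and the token endpoint's reply is a constructed JSON body shaped like the one in RFC 6749 section 5.1, so the walk-through runs offline.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical authorization server endpoints; a real server's values would go here.
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
REDIRECT_URI = "http://localhost:8080/callback"  # assumed, pre-registered redirection endpoint


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for the code challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def begin_authorization(client_id: str, scopes: list[str]) -> tuple[str, dict]:
    """Build the authorization-endpoint URL and the per-request session data.

    The client keeps the returned session (state + PKCE verifier) in the user's
    server-side session so both can be checked when the browser comes back.
    """
    state = secrets.token_urlsafe(24)          # binds the callback to this browser session (CSRF)
    code_verifier = secrets.token_urlsafe(48)  # PKCE verifier; never leaves the client until token exchange
    code_challenge = _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params), {"state": state, "code_verifier": code_verifier}


def handle_callback(callback_url: str, session: dict) -> str:
    """Parse the redirect back to the client and return the authorization code.

    The callback is rejected if its state differs from the one in the session; this is
    what stops an attacker from injecting their own code into a victim's session.
    """
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise RuntimeError("authorization server returned error: " + query["error"][0])
    if query.get("state", [None])[0] != session["state"]:
        raise RuntimeError("state mismatch: possible CSRF, discarding callback")
    return query["code"][0]


def build_token_request(code: str, client_id: str, client_secret: str, session: dict) -> dict:
    """Form body the client POSTs server-to-server to the token endpoint."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,       # must equal the one used in the authorization request
        "client_id": client_id,
        "client_secret": client_secret,     # confidential clients authenticate here, never in the browser
        "code_verifier": session["code_verifier"],
    }


def parse_token_response(body: str) -> dict:
    """Validate the token endpoint's JSON reply (RFC 6749 section 5.1)."""
    data = json.loads(body)
    if "access_token" not in data or data.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token response: " + body)
    return data


def demo() -> dict:
    """Constructed walk-through with a fake browser and a fake token endpoint; no network is used."""
    client_id, client_secret = "demo-client", "demo-secret"  # constructed values
    auth_url, session = begin_authorization(client_id, ["https://www.googleapis.com/auth/drive.file"])
    assert auth_url.startswith(AUTHORIZATION_ENDPOINT + "?response_type=code")

    # The authorization server redirects the browser back with a code and echoes our state.
    callback = REDIRECT_URI + "?" + urlencode({"code": "SplxlOBeZQQYbYS6WxSbIA", "state": session["state"]})
    code = handle_callback(callback, session)

    # A forged callback carrying someone else's code under the wrong state is rejected.
    forged = REDIRECT_URI + "?" + urlencode({"code": "attacker-code", "state": "not-our-state"})
    try:
        handle_callback(forged, session)
        raise AssertionError("forged callback must not be accepted")
    except RuntimeError:
        pass

    request = build_token_request(code, client_id, client_secret, session)
    # Constructed token endpoint reply, shaped like RFC 6749 section 5.1.
    reply = json.dumps({"access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer",
                        "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA"})
    return {"request": request, "tokens": parse_token_response(reply)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real client the form returned by build_token_request is POSTed over HTTPS to the token endpoint, and the session dict is tied to the browser session cookie so that the state comparison actually proves the callback belongs to the user who started the flow.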

Let’s implement an application that uses OAuth 2.0 to allow users to upload images to Google Drive.

Step 1: Create a Project

Go to https://console.developers.google.com/ and create a project by clicking "Select a project".

From pop up that opens, select “New Project”.

Fill in the form below, using your application name as the Project Name, and click "CREATE".

Step 2: Enable the API

Go to Library from the menu. You will see a window like the one below, where you can select the API you want to use.

For this demo I am using the Google Drive API. Select it and you will be taken to its page; click "Enable". It will look like the image below once it is enabled.

Now the Google Drive API is enabled for our project. To access it using OAuth, we need a client ID and a client secret. To get them, click "Create Credentials" on the page below.

Fill out the below form with related data to your application and generate client credentials.

Create client ID

You can view the credentials from the Credentials menu, as shown below.

If you click the application above, you can see the generated client ID and client secret. By clicking "Download JSON", you can download the credentials and import them into your project. This file contains the client secret, which is what lets the authorization server trust your application at the token endpoint; treat it as confidential and keep it out of version control.

Now let's look at the application. I have developed a Java application to demonstrate this.

Step 3: Implement the Client Application

Rename the downloaded JSON credentials file to credentials.json and place it in src/main/resources/ in your working directory. Because it holds the client secret, add it to .gitignore rather than committing it.

Here are the dependencies used to integrate the Google Drive API into our application. Add them to the build.gradle file.

First, the user must be redirected to Google's sign-in page to authorize our application. To do that, our application redirects the user to the Authorization Endpoint. After the user grants consent, we receive the authorization code, which the client library exchanges at the Token Endpoint for an access token. The following code demonstrates this.

Add a photo to your project folder and name it "picture.jpg". The following code shows the file upload method.

Method to upload the photo

When the user is redirected to the Authorization Endpoint, Google prompts with the following page.

Select an account to log in with. Google then shows a screen like the one below asking for permission to access your resources; the scopes listed there are exactly the ones the application requested, so a user can see what they are delegating.

Once you grant access, it displays the following message saying that the access token has been issued.

If you check your project folder, you will see that a new folder called "tokens" has been created. It contains the access token we received. Anyone who reads this folder can act on your Drive with the granted scopes, so it deserves the same care as credentials.json: keep it out of version control and restrict its file permissions.

Now go to your Google Drive. You will see the photo we uploaded, as below.

** Once you have the access token and have uploaded the image, if you want to upload another, you should remove the tokens folder in your project and run the application again. It will then create a new access token for you; otherwise it will prompt an error. Deleting the stored tokens forces the user through consent again on every run. Google access tokens expire after about an hour, so the more robust approach is to make sure the application requests offline access (so that a refresh token is stored alongside the access token) and renews an expired access token with the refresh token grant instead of discarding the store.

You can find the complete implementation of this sample application here.
