Google+ api - Key from https://accounts.google.com/o/oauth2/token gives 401 errors

2
votes

I'm having some trouble with Google+ API OAuth2 tokens.

Here is a simple program that gets an OAuth2 access token:

HttpClient httpclient = new HttpClient();
        PostMethod postMethod = new PostMethod("https://accounts.google.com/o/oauth2/token");
        NameValuePair[] data = {
                new NameValuePair("client_id", "API KEY HERE"),
                new NameValuePair("redirect_uri", "URL HERE"),
                new NameValuePair("client_secret", "SECRET HERE"),
                new NameValuePair("code", "CODE HERE"),
                new NameValuePair("grant_type", "authorization_code")
        };
        postMethod.setRequestBody(data);
        try {
            int result = httpclient.executeMethod(postMethod);
            assertEquals(result, 200);
            System.out.println("Response body: ");
            System.out.println(postMethod.getResponseBodyAsString());
        } catch (IOException e) {
            e.printStackTrace();
        }

This successfully generates an OAuth2 token. Such as: ya29.AHES6ZTZgptKHyZ530MoYVDPaeXvjK5DWQzPqxoNNEL2C7gsQwGfmvfT8Q

Then I set up a simple test program that can test calling the /people API from that token:

@Test
    public void testGoogleAPIAuthdRequest() throws Exception {
        String feedUrl = "https://www.googleapis.com/plus/v1/people/me";
        String apiKey = "MY API KEY";
        String oauthCode = "OAUTH CODE FROM ABOVE";
        String jsonStr = executeGoogleFeed(feedUrl, apiKey, oauthCode).getResponseBodyAsString("UTF-8");
    }

    public Response executeGoogleFeed(String feedURL, String apiKey, String oauthCode) throws Exception {
        StringBuilder urlStr = new StringBuilder();
        urlStr.append(feedURL);
        urlStr.append("?key=");
        urlStr.append(apiKey);
        Map<String, String> hashMap = new HashMap<String, String>();
        hashMap.put("Authorization", "Bearer " + oauthCode);
        return HttpUtil.doHttpRequest(urlStr.toString(), MethodType.GET.toString(), null,
                hashMap);
    }

This gives me a 401 error. Permission denied.

When I go to https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=INSERT_ACCESS_TOKEN, the Token shows as valid.

Also, when I go to https://developers.google.com/+/api/latest/people/get and get the OAuth token from the OAuth2 sign-on feature... and I plug that OAuth token into my JUnit test... it works!

Anyone know why my call to https://accounts.google.com/o/oauth2/token cannot be used as the Bearer parameter in Google+'s api?

1
apioauth-2.0google-plus

1 Answers

1
votes

It sounds like the underlying problem is that you're not requesting the plus.me scope when you send the user to authenticate themselves and authorize your app. This is done in the step before what you've shown here, and is the component that returns the OAuth2 "code" that you're adding above. You may want to update your example to illustrate how you're getting the code and what scopes you're using to do this.

If you are setting the scope correctly, and you're using the code that is returned, it could be that you keep re-using the same code. The OAuth2 code returned from the first stage can only be used once, and must be used very quickly after it is issued. It is exchanged for an access_token which has a limited lifetime (which is what you're correctly trying to do), and a refresh_token which has an unlimited lifetime and is used to generate fresh access_tokens.

See https://developers.google.com/accounts/docs/OAuth2WebServer for full details about the multi-step process used to get, and then exchange, the OAuth2 code.