Following the steps described at Using OAuth 2.0 for Installed Applications, I have been able to get an Authorization code for my application.
I have registered my application as an OAuth 2.0 Client ID in the Google Developers Console:
I am using the type "Other", as the application will only need to get a new access_token (using the refresh_token), and won't use any type of user consent.
The security does not matter, since it will be a private application.
The application needs to be able to read and write to a spreadsheet, and run Google Apps Scripts that are linked to the spreadsheet.
This is all possible within the scope "https://www.googleapis.com/auth/spreadsheets", according to Google's OAuth 2.0 Playground:
I have been able to get my hands on an Authorization code, using the following request (following this step):
https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fspreadsheets&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
response_type=code&
client_id=#####.apps.googleusercontent.com
Pasting this URL in my browser, it redirected me to this page:
This way I have obtained an Authorization code that, theoretically, can be exchanged for a refresh_token and an access_token.
I tried mimicking the requests that Google's OAuth 2.0 Playground does when exchanging an Authorization code for a refresh_token and an access_token:
It sends a POST request to the following URL:
https://www.googleapis.com/oauth2/v3/token?
code={auth_code}&
redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&
client_id=#####.apps.googleusercontent.com&
client_secret=#####&
scope=&
grant_type=authorization_code
When I try to do this request, I get an ERROR 400 with the following response:
{"error": "invalid_request", "error_description": "Invalid parameter value for redirect_uri: Missing scheme: {redirect_uri}}
It throws an error about "Missing scheme" for the redirect_uri. This isn't weird in my opinion, since my Application Type is "Other", and you can't Authorize redirect URIs with that type.
I have tried the OAuth2ForDevices (which is exactly what I want), but I can't use that for Google's spreadsheets.
What is the correct way to obtain a refresh_token (and access_token) using an Authorization code, obtained via a client-ID type "Other" (which can be used for Google spreadsheets)?