Google API - How can I make a HTTP Get to authenticate user and get a refresh token from client js?

Question

I'm currently making the integration between Google Calendar and my company's website. But I'd like the save the user's credential, so he just have to authenticate only one time. I build the following URL.

https://accounts.google.com/o/oauth2/v2/auth?client_id=my_client_id&redirect_uri=localhost&state=django_csrf_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&access_type=offline&response_type=code

And calling the following snippet:

xhr = new XMLHttpRequest();
xhr.open('GET', url);
xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
xhr.send();

And now. I'm stuck...

idbehold idbehold · Accepted Answer · 2017-01-09T18:25:03

You cannot perform an OAuth call via an XMLHttpRequest. If the user wasn't currently logged into Google how would the user log in via that call? How would the user approve your application's requested permissions? You must actually redirect their browser to that URL.

Google API - How can I make a HTTP Get to authenticate user and get a refresh token from client js?

1 Answers