How to set up google api in asp.net mvc to access docs

0
votes

About 6 months ago I set up a web application in the google developers console so that employees of our internal web site could initiate emails which would read a template doc in a google account, merge some fields and then download a pdf version of it to email out.

Now we have to move those template docs to a different google managed domain/user account so I've made copies of the documents in the new account and updated our references with the new doc ids.

In addition, the email I had when I originally created this application in the google dev console is going away as of the first of the year. So I also have to recreate the app under a new account.

I've done that and matched all the settings of the original app. However, when I try to access a document I get the error Google.Apis.Auth.OAuth2.Responses.TokenResponseException: 'Error:"unauthorized_client", Description:"Unauthorized", Uri:""'

I had followed this page in setting up the original user authentication. I know there was a ton of trial and error before I actually got it working and I must be forgetting something. I'm wondering if it's tied to needing to reauthenticate the new app. Although I'm specifying the new clientid and clientsecret from the new app, I don't get the popup asking me to give permission to the app. I would expect with the new credential info that it would open that window asking me to give permission. Here's that file for reference. Any ideas?

public class AuthCallbackController : Google.Apis.Auth.OAuth2.Mvc.Controllers.AuthCallbackController
{
    protected override FlowMetadata FlowData => new AppFlowMetadata();
}

public class AppFlowMetadata : FlowMetadata
{
    private static readonly IAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
    {
        ClientSecrets = new ClientSecrets
        {
            ClientId =  AwsSecrets.GoogleCreds.ClientId, 
            ClientSecret = AwsSecrets.GoogleCreds.ClientSecret
        },
        Scopes = new[] {DriveService.Scope.Drive},
        DataStore = new FileDataStore("Drive.Api.Auth.Store")
    });

    public override IAuthorizationCodeFlow Flow => flow;

    public override string GetUserId(Controller controller)
    {
        return "userid";
    }
}

public class GoogleController : TECWareControllerBase
{
    private readonly IGoogleCredentialService _gservice;

    public GoogleController(IGoogleCredentialService gservice)
    {
        _gservice = gservice;
    }

    public async Task<ActionResult> IndexAsync(CancellationToken cancellationToken)
    {
        var result = await new AuthorizationCodeMvcApp(this, new AppFlowMetadata()).AuthorizeAsync(cancellationToken);

        if (result.Credential != null)
        {
            _gservice.SaveRefreshToken(result.Credential.Token.RefreshToken);
            return View();
        }

        return new RedirectResult(result.RedirectUri);
    }
}
1
google-drive-apigoogle-docs-api
You recreated the App under a new account - are you confident that the new account has access permissions to your document? - ziganotschka
No that's the point of the authentication screen. Anyone who authenticates gives permission to the app to access their documents. - geoff swartz

1 Answers

0
votes

I finally found a way to get this working.

First off in this method

private static readonly IAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
    ClientSecrets = new ClientSecrets
    {
        ClientId =  AwsSecrets.GoogleCreds.ClientId, 
        ClientSecret = AwsSecrets.GoogleCreds.ClientSecret
    },
    Scopes = new[] {DriveService.Scope.Drive},
    DataStore = new FileDataStore("Drive.Api.Auth.Store")
});

I had to change the FileDataStore("Drive.Api.Auth.Store") key to something else like FileDataStore("GoogleAuth")

That forced the authentication to fire up.

Unfortunately, google then complained about an invalid redirect uri. The following code returned a redirect uri of http://localhost:11224/AuthCallback/IndexAsync which didn't even exist in my web application's Authorized redirect uris. It should have been http://localhost:11224/MVC/AuthCallback/IndexAsync. So in the url result's redirect url I changed it to what it should have been which allowed me to complete the authorization. Now I can access the documents in the authenticated account.

var result = await new AuthorizationCodeMvcApp(this, new AppFlowMetadata()).AuthorizeAsync(cancellationToken);