Google OAuth 2.0 and Data Store Need

50 views
Skip to first unread message

Roshan Kariyadan

unread,
Feb 18, 2015, 2:31:33 PM2/18/15
to google-oauth...@googlegroups.com

I am migrating code from GDATA API to Google ADMIN Directory API (User Provisioning). Migrated code is working fine with the new ADMIN API. Created a service account in Developers Console, then provided domain-wide access. Using below code to create the GoogleCredential object. Using a super admin user to impersonate the API call (Only this user have access to ADMIN API). I am using two-legged OAuth. GoogleCredential takes care of automatically "refreshing" the token so for each API call I am getting new Access token. 

Do I need to use Data Store to persist access token ? Whats the advantages of using Data Store and is there any issues in not using DataStore while using OAuth 2.0 ? Is there any limitations on the number of access token that Google can support during a particular period of time ?

    GoogleCredential credential = new GoogleCredential.Builder()
    .setTransport(httpTransport)
    .setJsonFactory(jsonFactory)
    .setServiceAccountId(serviceAccountID)
    .setServiceAccountScopes(scopes)
    .setServiceAccountPrivateKeyFromP12File(new File(serciceAccountPKCSFilePath))
    .setServiceAccountUser(serviceAccountUser)
    .build();

// Create the Directory
Directory directory = new Directory.Builder(httpTransport, jsonFactory, credential) .setApplicationName(applicationName) .build();

// Makes the actual call to google to create user
user = directory.users().insert(user).execute();

Roshan Kariyadan

unread,
Feb 18, 2015, 3:29:25 PM2/18/15
to google-oauth...@googlegroups.com
I debugged the code and see only accessToken in the GoogleCredential object inside Directory. Dont see refreshToken in the response. Also see a expirationTime in Milliseconds 1424294867651.
Please help on how to proceed on this.

Roshan Kariyadan

unread,
Feb 19, 2015, 2:23:31 PM2/19/15
to google-oauth...@googlegroups.com
Any help on this is greatly appreciated. Could not find any documentation on google on this case. There are information but not sure if it stands true for OAuth with service accounts. Trying to see how to handle the access token when you use OAuth 2.0 Service account and Directory API. We created a Google WebService interface and two applications make use of this API. APIs are mainly for User creation, management. Using Admin user to impersonate the GoogleCredential as this user only have permission to manage users
Reply all
Reply to author
Forward
0 new messages