Authorizing requests with OAuth 2.0 in Google Spreadsheet API

oauth google-sheets google-data-api google-spreadsheet-api
bobo picture bobo · Nov 1, 2011 · Viewed 10.3k times · Source

I am trying to create a PHP web page that requires reading some data from a google spreadsheet in my domain (I am using Google Apps Free Edition).

The spreadsheet to be read is a non-public one but is visible to some people in my domain. Since it's non-public, I know there will be some authentication and authorization stuff even I am using the API to read it.

I found this page but there is something that I don't understand: http://code.google.com/intl/zh-TW/apis/spreadsheets/data/3.0/developers_guide.html#Auth

It says we should use OAuth 2.0 protocol, this is ok. But it also says during the authorizing process, "Google displays an OAuth dialog to the user, asking them to authorize your application to request some of their data.".

My webpage will display some data read from the spreadsheet. So whenever somebody goes to my webpage, it will display a dialog to the spreadsheet owner asking for permission? Is this what it means?

Any advice will be very welcome.

Answer

Meny Issakov picture Meny Issakov · Oct 31, 2012

What you're actually trying to accomplish is Server to Server authentication between your server and Google.

This way, when a visitor enters your page/s you'll grab data from your own spreadsheet, without any 3rd party involvement.

I'ts possible you'll find what you're looking for in Google Service Account, and here

Also, another solution (which is much easier to accomplish, but might have some set backs) is to use the oauth 2.0 protocol with your Google dev account (retrieved from Google Console API).

  1. If you haven't already, create a Google Dev account (Google Console API)
  2. Generate a access/refresh token for your application with "offline" grant - meaning you can make API requests with your dev account to your spreadsheet account even when you're not logged in with your spreadsheet account.
  3. Save the refresh token you generated and use it to generate access token over and over again (access tokens last 1 hour).

Refresh token are not supposed to expire, but in case it would, you can always generate it again and replace the one you had with a new one, and keep generating access tokens with it.

The major set back is in case your refresh token gets invalidated, you'll have to manually replace it, as it will require you to re-grant access to your dev account to access your spreadsheet account.

I hope this helps a bit.

Meny

Related questions

Setting Authorization Header of HttpClient

I have an HttpClient that I am using for a REST API. However I am having trouble setting up the Authorization header. I need to set the header to the token I received from doing my OAuth request. I saw …

Read More
Use Device Login on Smart TV / Console

I have noticed that Facebook seems to support Device Login with a token / PIN Code instead of user/login to be used on devices like TV or console: https://www.facebook.com/device In the search of the dev page …

Read More
Facebook OAuth "The domain of this URL isn't included in the app's domain"

Let me first start with saying I've searched for an answer to this question for quite some time... I'm trying to setup Facebook OAuth to work with my application that is being developed locally on my machine. Everything was working …

Read More