Google OAuth 2.0 redirect_uri with several parameters

eason picture eason · Oct 11, 2011 · Viewed 94k times · Source

How to add a parameters to the Google OAuth 2.0 redirect_uri?

Just like this:

redirect_uri=http://www.example.com/redirect.html?a=b

The b of a=b is random.

Anyone can help ?

Answer

DhruvPathak picture DhruvPathak · Oct 11, 2011
  1. You cannot add anything to the redirect uri, redirect uri is constant as set in the app settings of Oauth. eg :http://www.example.com/redirect.html

  2. To pass several parameters to your redirect uri, have them stored in state parameter before calling Oauth url, the url after authorization will send the same parameters to your redirect uri as state=THE_STATE_PARAMETERS

So for your case,do this:

/1. create a json string of your parameters ->

{ "a" : "b" , "c" : 1 }

/2. do a base64UrlEncode , to make it URL safe ->

stateString = base64UrlEncode('{ "a" : "b" , "c" : 1 }');

This is a PHP example of base64UrlEncoding & decoding (http://en.wikipedia.org/wiki/Base64#URL_applications) :

function base64UrlEncode($inputStr)
{
    return strtr(base64_encode($inputStr), '+/=', '-_,');
}

function base64UrlDecode($inputStr)
{
    return base64_decode(strtr($inputStr, '-_,', '+/='));
}

So now state would be something like: stateString -> asawerwerwfgsg,

Pass this state in OAuth authorization URL:

https://accounts.google.com/o/oauth2/auth?
  client_id=21302922996.apps.googleusercontent.com&
  redirect_uri=https://www.example.com/back&
  scope=https://www.google.com/m8/feeds/&
  response_type=token&
  state=asdafwswdwefwsdg,

For server side flow it will come along with token : http://www.example.com/redirect.html?token=sdfwerwqerqwer&state=asdafwswdwefwsdg,

For client side flow it will come in the hash along with access token: http://www.example.com/redirect.html#access_token=portyefghsdfgdfgsdgd&state=asdafwswdwefwsdg,

Retrieve the state, base64UrlDecode it, json_decode it, and you have your data.

See more about google OAuth 2 here:

http://code.google.com/apis/accounts/docs/OAuth2.html