I am following Google Authorization OAuth2 to get an access token for my Android client ID. But I don’t plan to upload my game to the Google Play platform. All I want to do is to upload files generated by the application to my drive account.
Is it possible to do that without asking user’s consent and inputting login information? Lots of information I gathered online is communicating with Google Play Console, and I don’t need the login/security stuff since I will be the only user…
I did some experiments with a web application client ID, and it works in the way that I want. Here is part of the code:
using System.IO;
using UnityEngine;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Drive.v3;
using Google.Apis.Services;
using Google.Apis.Util.Store;
private static DriveService GetService()
{
var tokenResponse = new TokenResponse
{
AccessToken = "...",
RefreshToken = "..."
};
var username = "google account email";
var apiCodeFlow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "...",
ClientSecret = "..."
},
});
var credential = new UserCredential(apiCodeFlow, username, tokenResponse);
var service = new DriveService(new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = applicationName
});
return service;
}
The other thing that confuses me is I can get both clientId and clientSecret when creating the web client id. And through those, I can get tokens easily through OAuth 2.0 Playground. But when I created the client id for Android, I could only get the client id. I am not sure what I should do to go further…
I am a beginner of google api stuff and this is my first Android game too! Please please (PLEASE) help and I’d appreciate any insights!!
This issue is frequently faced by developers using Oauth2.0 Specs,
Whats missing here is a bit of background about Oauth2.0 client types and authorization flows.
Typically for public clients as opposed to confidential client - which is usually used for server-to-server authorization - the public client is by design not a trusted party so the secret is not provided, and to get an access_token and an id_token you’ll need to use the authorization_code flow.
The authorization_code flow can be broken down as the following:
Call the authorization endpoint in a web view, will look something like /authorize?client_id=...&authorization_type=code&redirect_uri=...
The user will pe prompted to input credentials, and a challeng (OTP, SMS…etc)
On success the user will be redirected to the app using the deeplink you provide in the first step, with a parameter code, you should capture that code.
Call the /token endpoint to exchange the code with tokens
EDIT (Solved): Redirect for Google requires the syntax “package-name**:oauth-callback-path" instead of "package-name://**oauth-callback-path” which i found suggested in many guides included the official oauth documentation but that doesn’t work with google sign-in
Hi, I’ve struggled the whole month to implement this type of login in the app i’m working on. Testing on PC works fine, but when I use the android app, the call at the first point returns me “redirect_uri_mismatch”. I’ve already tried all the possible combination of names according to the official oauth documentation but it still doesn’t work on android.
Depending on the redirect uri i provide, the error may change to invalid_request with the detail: “You can’t sign in to this app because it doesn’t comply with Google’s OAuth 2.0 policy for keeping apps secure.”
Any suggestion on how to make this work? On PC it works because i use the loopback interface which is a valid uri, but i can’t use it on android.
If i use a website as my redirect link, do i need to make something on the website to make the domain authorized for redirect?
