1

I'm trying to build a .NET service application that would access Google's Prediction API.

This application is a service (no user interaction) so I'd like to know how it would be possible to authenticate to Google API automatically (without having it open a browser in which to log in and then press "Authorize").

What I've tried:

  • ran some of the .NET Google API samples - they all seem to require this authentication scheme that opens a browser and requires a user to click (this is called Native Application Client authentication, I believe).

  • try using Service Accounts OAuth2 authentication - this is Work In Progress. However, there's no .NET library for this; I'm currently working with the python samples and have some problems (because I'm not a Python dev).

At this point I hope I'll be able to get the python sample going and either re-write it in .NET or use it with Iron Python.

I'm interested if anyone had this kind of problem before and what was the resolution. I'm also open to non-OAuth2 (and probably deprecated) authentication solutions if OAuth2 Service Authentication isn't possible (for now) in .NET.

Cristian Lupascu
  • 39,078
  • 16
  • 100
  • 137
  • 1
    You cannot authenticate to the Google API automatically. You have to do it at least once because you must approve the connect. After the intial connection the process is seamless and be can be revoked by the user at any time. I know this to be the case based on the fact I use a website that scans my emails for reciepts. – Security Hound May 18 '12 at 13:37
  • So, is it necessary to to this *only* once? I'm planning to have a Windows Service (no UI). In this case would it do to run a console app on that machine to just authenticate and use that token afterwards from the service? – Cristian Lupascu May 18 '12 at 13:59

1 Answers1

1

I've written a sample app (in Python & Java, sorry not available in C#) which authenticates once, stores the OAuth credentials and related data on the server (Google App Engine) and from that point forward reuses those shared credentials, refreshing the access token when needed, without requiring end users to see the OAuth allow/deny dialog, or any other aspect of OAuth.

This still requires the application administrator to execute the OAuth dialog but that's a one-time event. If for some reason you want to reset the stored server credentials, the initialization step can be re-executed on demand via a special URL, however, this reset function is protected so that only the application administrator can make that request, not an end user.

Marc Cohen
  • 3,742
  • 2
  • 19
  • 19
  • it's good to know that, I'll give it a try. One more question: is it necessary to perform this one-time event on every server (machine)? – Cristian Lupascu May 19 '12 at 15:15
  • No, the OAuth credentials acquired during the one-time initialization step should be usable anywhere (i.e. from any server). – Marc Cohen May 19 '12 at 15:17