0

My end goal is to be able to retrieve place details from Google's API.

I need to do this as a Service Account, since this is kicked off as a background task on my server. Service Accounts require you to exchange a JWT (JSON Web Token) for an access_token. I finally got that working and am receiving an access_token. Phew.

Now however, I don't know what to do with this access_token.

The Place Details API says that the key parameter is required, but I don't have a key. Just an access_token. Using that value for key or changing the name of the paramater to access_token is not working.

Ultimately I need to be able to hit a URL like so:

https://maps.googleapis.com/maps/api/place/details/json?reference={MY_REFERENCE}&sensor=false&key={MY_ACCESS_TOKEN}

How do I use my Access Token to make a request to the Google Place Detail APIs?

Update 1

Still no success, but I thought I'd post the details of my request in case there's something wrong with what I'm submitting to Google.

I'm using the JWT Ruby library, and here are the values of my claim set:

{
  :iss => "54821520045-c8k5dhrjmiotbi9ni0salgf0f4iq5669@developer.gserviceaccount.com",
  :scope => "https://www.googleapis.com/auth/places",
  :aud => "https://accounts.google.com/o/oauth2/token",
  :exp => (Time.now + 3600),
  :iat => Time.now.to_i
}

Looks sane to me.

jww
  • 97,681
  • 90
  • 411
  • 885
djibouti33
  • 12,102
  • 9
  • 83
  • 116
  • Did you manage to solve it? I'm pulling my hair here to do something similar but with google drive! – wachichornia Dec 05 '13 at 22:39
  • unfortunately I didn't. I was trying hard to stick to Google's advice/rules in their documentation, but ended up configuring things as a Web Server App. Way too much pain as a Service Account. It's been running for at least 8 months like that and I've had no problems. – djibouti33 Dec 06 '13 at 00:16
  • I solved it and my answer is here: http://stackoverflow.com/questions/27609138/how-to-insert-video-youtube-api-v3-through-service-account-with-ruby/27620954#27620954 Enjoy! – dangalg Dec 23 '14 at 13:13

2 Answers2

0

Create the service account and its credentials

You need to create a service account and its credentials. During this procedure you need to gather three items that will be used later for the Google Apps domain-wide delegation of authority and in your code to authorize with your service account. These three items are your service account:

• Client ID.

• Private key file.

• Email address.

In order to do this, you first need a working Google APIs Console project with the Google Calendar API enabled. Follow these steps:

  1. Go to the Google APIs Console.
  2. Open your existing project or create a new project.
  3. Go to the Service section.
  4. Enable the Calendar API (and potentially other APIs you need access to).

You can now create the service account and its credentials. Follow these steps:

  1. Go to the API Access section.

  2. Create a client ID by clicking Create an OAuth 2.0 client ID...

  3. Enter a product name, specify an optional logo and click Next.

  4. Select Service account when asked for your Application type and click Create client ID.

At this point you will be presented with a dialog allowing you to download the Private Key as a file (see image below). Make sure to download and keep that file securely, as there will be no way to download it again from the APIs Console.

After downloading the file and closing the dialog, you will be able to get the service account's email address and client ID.

You should now have gathered your service account's Private Key file, Client ID and email address. You are ready to delegate domain-wide authority to your service account.

Delegate domain-wide authority to your service account

The service account that you created now needs to be granted access to the Google Apps domain’s user data that you want to access. The following tasks have to be performed by an administrator of the Google Apps domain:

  1. Go to your Google Apps domain’s control panel. The URL should look like: www.google.com/a/cpanel/mydomain.com

  2. Go to Advanced tools... > Manage third party OAuth Client access.

  3. In the Client name field enter the service account's Client ID.

  4. In the One or More API Scopes field enter the list of scopes that your application should be granted access to (see image below). For example if you need domain-wide access to the Google Calendar API enter: www.googleapis.com/auth/calendar.readonly

  5. Click the Authorize button.

Your service account now has domain-wide access to the Google Calendar API for all the users of your domain, and potentially the other APIs you’ve listed in the example above.

Below is a description that uses a service account to access calendar data in PHP

The general process for service account access to user calendars is a follows:

• Create the Google client

• Set the client application name

• If you already have an Access token then check to see if it is expired

• If the Access token is expired then set the JWT assertion credentials and get a new token

• Set the client id

• Create a new calendar service object based on the Google client

• Retrieve the calendar events

Note: You must save the Access token and only refresh it when it is about to expire otherwise you will receive an error that you have exceeded the limit for the number of access tokens in a time period for a user.

Explanation of Google PHP Client library functions used:

The client object has access to many parameters and methods all of the following are accessed through the client object:

Create a new client object:

$client = new Google_Client();

Set the client application name:

$client->setApplicationName(“My Calendar App”);

Set the client access token if you already have one saved:

$client->setAccessToken($myAccessToken);

Check to see if the Access token has expired, there is a 30 second buffer, so this will return true if the token is set to expire in 30 seconds or less. The lifetime of an Access token is one hour. The Access token is actually a JSON object which contains the time of creation, it’s lifetime in seconds, and the token itself. Therefore no call is made to Google as the token has all of the information locally to determine when it will expire.

$client->isAccessTokenExpired();

If the token has expired or you have never retrieved a token then you will need to set the assertion credentials in order to get an Access token:

$client->setAssertionCredentials(new Google_AssertionCredentials(SERVICE_ACCOUNT_NAME,array(CALENDAR_SCOPE), $key,'notasecret','http://oauth.net/grant_type/jwt/1.0/bearer',$email_add));

Where:

SERVICE_ACCOUNT_NAME is the the service account email address setup earlier.

 For example:’abcd1234567890@developer.gserviceaccount.com’

CALENDAR_SCOPE is the scope setup in the Google admin interface.

 For example: ‘https://www.googleapis.com/auth/calendar.readonly’

$key is the content of the key file downloaded when you created the project in Google apps console. $email_add is the Google email address of the user for whom you want to retrieve calendar data.

Set the client id: $client-setClientId(SERVICE_CLIENT_ID); Where: SERVICE_CLIENT_ID is the service account client ID setup earlier. For example: ‘abcd123456780.apps.googleusercontent.com’

Create a new calendar service object: $cal = new Google_CalendarService($client);

Several options can be set for calendar retrieval I set a few of them in the code below, they are defined in the api document. $optEvents = array('timeMax' => $TimeMax, 'timeMin' => $TimeMin, 'orderBy' => 'startTime', 'singleEvents' => 'True');

Get the list of calendar events and pass the above options to the call:

$calEvents = $cal->events->listEvents('primary', $optEvents);

Loop through the returned event list, the list is paged so we need to fetch pages until the list is exhausted:

  foreach ($calEvents->getItems() as $event) {
// get event data
$Summary = $event->getSummary();
$description = $event->getDescription();
$pageToken = $calEvents->getNextPageToken();
            if ($pageToken) { // if we got a token the fetch the next page of events.
                    $optParams = array('pageToken' => $pageToken);
                    $calEvents = $cal->events->listEvents('primary', $optParams);
            } else {
                    break;
            }

}

Get the Access token:

$myAccessToken=$client->getAccessToken();

Save the access token to your permanent store for the next time.

Alan
  • 47
  • 1
  • 1
    I appreciate the thorough answer. However, there are a few problems I'm having with it. 1) As stated in the question, I'm already able to receive the access_token, and now I just need to know what to do with it. 2) Your example uses a PHP library, but this question is tagged with "Ruby-on-rails". Google's RoR client says it's still in alpha and not to use it, so I need to basically roll my own client. I don't know how to pass the access_token in my request to the Places API, and that's what I need help with. – djibouti33 Mar 05 '13 at 22:32
  • also, this details how to connect to a user's Google Apps data. I simply want to connect to the Places API using a service account. is that possible? – djibouti33 Mar 05 '13 at 23:22
0

The language isn't important php, ruby, .net, java the process is the same. The api's console shows the Places API as supporting service accounts so it should be possible to access it.

As far as using the token please have a look at https://code.google.com/p/google-api-ruby-client/ code as the usage is clearly defined in the code repository. Doesn't make any difference if the access token is for a service account or a single user the process for using the token is the same. See the section titled "Calling a Google API" in the following link: https://developers.google.com/accounts/docs/OAuth2InstalledApp

The access token is sent in the http authorization header along with the request.For a calendar request it would look something like the following: GET /calendar/v3/calendars/primary HTTP/1.1 Host: www.googleapis.com Content-length: 0 Authorization: OAuth ya29.AHES6ZTY56eJ0LLHz3U7wc-AgoKz0CXg6OSU7wQA

user2157654
  • 11
  • 1