
When a user signs in to a Gmail account via the OAuth2 protocol and finishes, my server gets an authorization code and I exchange this code for a refresh token and an access token. Everything works as planned, but I need to get the email address too. I mean, if the user logged in as helloworld@gmail.com, I would like to know this address from the authorization code somehow. Is there a way to find it out?

This is the endpoint where I exchange the authorization code for an access token and a refresh token:

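    // userAuthorizationUri, accessTokenUri, clientId, clientSecret, redirectUrl
    // and scopes are fields of the enclosing class.
    public OAuth2AccessToken oauth(String authorizationCode) {
        // Describe the OAuth2 client and the provider endpoints.
        AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
        resource.setUserAuthorizationUri(userAuthorizationUri);
        resource.setAccessTokenUri(accessTokenUri);
        resource.setClientId(clientId);
        resource.setClientSecret(clientSecret);
        resource.setPreEstablishedRedirectUri(redirectUrl);
        resource.setScope(scopes);
        resource.setUseCurrentUri(false);

        // Build the token request around the code received from the UI.
        AccessTokenRequest request = new DefaultAccessTokenRequest();
        // Placeholder value: no real state from the authorization redirect is preserved here.
        request.setPreservedState(new Object());
        request.setAuthorizationCode(authorizationCode);

        // Exchange the authorization code at the token endpoint.
        AuthorizationCodeAccessTokenProvider provider = new AuthorizationCodeAccessTokenProvider();
        OAuth2AccessToken accessToken = provider.obtainAccessToken(resource, request);

        return accessToken;
    }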

I don't have a WebSecurityConfigurerAdapter for OAuth2.

Dave
  • Can you please add some code on how you integrated the OAuth2 part into your spring-boot application? – git-flo Oct 04 '18 at 17:41
  • @git-flo I updated the question, providing the code showing how I exchange the authorization code. I get the authorization code from my UI, where the user logs in to the account – Dave Oct 04 '18 at 18:02
  • https://stackoverflow.com/questions/37026981/how-to-configure-resource-server-in-spring-security-for-it-to-use-additional-inf/51224683#51224683 maybe this answer can help you – git-flo Oct 04 '18 at 19:02

1 Answer

If the user's email address is not already provided in the id_token part of the oauth2 response, you can use the Gmail API Users.getProfile operation, using the special value "me" as the userId to refer to the authenticated user.

See: https://developers.google.com/gmail/api/v1/reference/users/getProfile

That should give you a response like:

{
  "emailAddress": -string-,
  "messagesTotal": -integer-,
  "threadsTotal": -integer-,
  "historyId": -unsigned long-
}
payne
  • @payment I didn't know that the id_token can be used to get some info; this endpoint is what I need: https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=id. Thank you – Dave Oct 05 '18 at 16:48
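
The id_token route mentioned in the answer can also be handled locally. The following is an added example, not code from the question or the answer: it decodes the claims of an id_token that came straight from the token endpoint over TLS and checks issuer, audience, expiry and `email_verified` before trusting the email. Assumptions: the requested scopes include `openid` and `email`, the token string is read with `(String) accessToken.getAdditionalInformation().get("id_token")`, Jackson is on the classpath, and the class name, client id and sample token are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class IdTokenEmail {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Reads the email claim from an id_token received directly from the token
     * endpoint over TLS. The signature is NOT verified here; a token arriving
     * from the browser or any other party needs full JWT validation instead.
     */
    static String emailFrom(String idToken, String expectedClientId) throws Exception {
        String[] parts = idToken.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("id_token is not a three-part JWT");
        }
        JsonNode claims = MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
        String iss = claims.path("iss").asText("");
        if (!iss.equals("https://accounts.google.com") && !iss.equals("accounts.google.com")) {
            throw new SecurityException("unexpected issuer: " + iss);
        }
        if (!expectedClientId.equals(claims.path("aud").asText(""))) {
            throw new SecurityException("id_token was issued to a different client");
        }
        if (claims.path("exp").asLong(0) <= System.currentTimeMillis() / 1000) {
            throw new SecurityException("id_token has expired");
        }
        if (!claims.path("email_verified").asBoolean(false)) {
            throw new SecurityException("email claim missing or not verified");
        }
        return claims.path("email").asText(null);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample token (made-up values, dummy signature).
        long exp = System.currentTimeMillis() / 1000 + 3600;
        String payload = "{\"iss\":\"https://accounts.google.com\",\"aud\":\"my-client-id\","
                + "\"exp\":" + exp + ",\"email\":\"helloworld@gmail.com\",\"email_verified\":true}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String idToken = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        System.out.println(emailFrom(idToken, "my-client-id"));
    }
}
```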