1

I was writing a simple logic to list pictures using the Google Photos REST API. I'd like to print the connected user profile once they are logged into my app. But I cannot find any endpoint in the REST API to get the user profile as in Gmail or Drive REST APIs.

https://developers.google.com/photos/library/guides/get-started#request-id

Meanwhile, I have tried to get the user details from the oAuth2 access token, but it does not give any user details like mail id or name.

GET https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN

Response:

{
    "issued_to": "xxxxx.apps.googleusercontent.com",
    "audience": "xxxxxx.apps.googleusercontent.com",
    "scope": "https://www.googleapis.com/auth/photoslibrary",
    "expires_in": 3522,
    "access_type": "offline"
}

Is there any way to retrieve user profile from the above oAuth2 access_token (independent to the scope)?

carlesgg97
  • 4,184
  • 1
  • 8
  • 24
Kirubakaran
  • 378
  • 4
  • 20

1 Answers1

3

I'm afraid that at the moment this is not possible. The oAuth2 token does not contain the user's e-mail. The only way of getting the user's email through the Google APIs would be to allow the https://www.googleapis.com/auth/userinfo.email scope, and use the oAuth2 API or the People API. The calls you could use may be any of the following:

GET https://www.googleapis.com/oauth2/v2/userinfo

GET https://www.googleapis.com/userinfo/v2/me

GET https://www.googleapis.com/plus/v1/people/me

carlesgg97
  • 4,184
  • 1
  • 8
  • 24
  • Thanks for you clarification. If so, I am worried that, I have to do two authentication right ? (1 for auth-token to get user profile and 1 for auth photo library to do my stuffs) – Kirubakaran Oct 31 '19 at 09:37
  • @KIRUBAKARANS You define all the scopes to use for your project at once. When the user logs in through the oAuth flow, it will warn him/her of all the requested permissions in **one** screen (also called the *consent screen*). You can see an example here: https://3.bp.blogspot.com/-AOrdQW6AxZA/WOKSmhWJBDI/AAAAAAAACf8/irnIx4fvyn0MJp87pcn97CWqr0F9jGCNgCEw/s1600/image03.png After logging in with his/her credentials, it will not be necessary to log in again for any other permissions, as the user already allowed them at once. I hope that's clear :) – carlesgg97 Oct 31 '19 at 10:42
  • Wow ! sounds like good. I have framed the oAuth url in my code as `https://accounts.google.com/o/oauth2/auth?client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/photolibrary&response_type=code`. Here, I am not sure how to merge multiple scope in once (Planned to use oAuth, drive and photolibrary scopes). Could you please advise on this. – Kirubakaran Oct 31 '19 at 14:27
  • Hey @KIRUBAKARANS, your new URL should look like the following: `https://accounts.google.com/o/oauth2/auth?client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/photolibrary+https://www.googleapis.com/auth/userinfo.email&response_type=code`. I suggest that you check out the [oAuth 2.0 Playground](https://developers.google.com/oauthplayground/), it comes in really handy for development ;) Cheers – carlesgg97 Oct 31 '19 at 14:35
  • Its awesome!. Tank you ery much Carles. – Kirubakaran Oct 31 '19 at 18:05