5

I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.

What I want to do is to allow users to interact with calendars of a single account known by the server.

Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.

Is there some part of OAuth or some alternative mechanism I can use to do this?

andy
  • 53
  • 1
  • 3

2 Answers2

3

In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.

The usual procedure for OAuth is like this:

  1. Send user to authentication page.
  2. User comes back with $_GET['code']
  3. Send $_GET['code'] to OAuth server for a token
  4. Store token in database for the user (or session, if it's very short lived)

But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.

kingcoyote
  • 1,145
  • 8
  • 21
  • Thanks, but isn't the access token itself short lived? I'd have to do this manually all the time. – andy Mar 16 '12 at 02:10
  • I've been using this exact method for a calendar since December with no issues, and the events on this calendar update so frequently that I know it's still working. I think access tokens do have a lifetime, but it's measured in months, not days or hours. – kingcoyote Mar 16 '12 at 05:38
  • 1
    This only applies to older oauth1, not current oauth2 – Zig Mandel Apr 15 '15 at 14:05
2

See mathewh's answer here:

How to automate login to Google API to get OAuth 2.0 token to access known user account

The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.

There is no way around a manual authorization step the first time.

Community
  • 1
  • 1
blak3r
  • 16,066
  • 16
  • 78
  • 98