6/25/2017 - 1:52 PM

Easy OAuth2 with Google explained

Here are the different steps to obtain, by hand, a valid access token for querying Google APIs.

Note that in real code we should always use a proper library that does this behind the scenes, because it also has to handle the refresh_token route (getting a new access token once expires_in has elapsed).

  1. create an app on

  2. create an OAuth 2.0 client ID for this app
  • register a redirect_uri pointing at the live app: Google will only send the authorization code to a registered URI, which is how it makes sure it is talking to your app and not to a site an attacker chose
  • this provides a client_id and a client_secret

  3. GET
  • set a proper client_id, redirect_uri, scope and response_type (response_type=code for this flow)
  • the scope determines which info we can access (the user sees the list and has to consent)
  • the email scope is implicitly replaced by
  • another scope is plus.login, which grants access to the Google+ profile data, for instance

  4. Google redirects to
  • this code is single-use only
  • we need this code to ask Google for the access token we are actually after

  5. exchange the code for tokens with a POST to Google's token endpoint
  • we must send the previous code, the client_id, the client_secret and the same redirect_uri again (the secret is why this step is server-side only: it must never reach the browser)

  6. we receive an access_token, an id_token and expires_in (the lifetime in seconds, so 3600 is one hour)

```json
{
  "access_token": "ya29.GltDFHu_0D1940sHXMF2yvLgFvKxqj0z_s1S1llGRd...",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJ...",
  "token_type": "Bearer"
}
```

  7. we can now call Google APIs with the token in the header: `Authorization: Bearer [token]`
  • returns some JSON with id, email and so on (if the scope was email)
  • returns Google+ data (if the scope was plus.login)
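The whole flow above, written out as plain Python functions. This is an added example, not code from the original post: it builds the authorization URL, checks the redirect, builds the code-exchange POST body and validates the token response. Nothing goes over the network; the token response and id_token are constructed test data, the endpoint URLs and the `state` parameter (the standard CSRF check on the callback, not mentioned in the post) are assumptions, and the id_token signature is deliberately not verified here, which a real implementation must do against Google's published keys before trusting any claim.

```python
"""Manual OAuth 2.0 authorization-code flow against Google, offline demo.

Added example, not the post's code. Token response and id_token below are
constructed test data, not real Google output.
"""
import base64
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoints: confirm against
# https://accounts.google.com/.well-known/openid-configuration
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def build_auth_url(client_id, redirect_uri, scopes, state):
    """Step 3: the GET the browser is sent to. `state` is a random value kept
    in the server session and compared on the callback (CSRF protection)."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": " ".join(scopes), "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 4: pull the single-use code out of the redirect; refuse it if the
    state does not match what this session generated."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or mixed-up session")
    return qs["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 5: POST body for the code exchange. It carries client_secret, so
    this runs server-side only; redirect_uri must match the one from step 3."""
    body = {"code": code, "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri, "grant_type": "authorization_code"}
    return TOKEN_ENDPOINT, urlencode(body)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token, client_id, now=None):
    """Step 6: read the id_token claims and check iss, aud and exp.
    Signature is NOT verified here (offline demo); do that first for real."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    if claims.get("aud") != client_id:
        raise ValueError("id_token was issued to a different client_id")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token has expired")
    return claims


def parse_token_response(raw_json, client_id, now=None):
    """Steps 6-7: derive the Authorization header value and the absolute
    expiry (expires_in is seconds from now) from the token response."""
    data = json.loads(raw_json)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unsupported token_type {data.get('token_type')!r}")
    now = time.time() if now is None else now
    return {"authorization": f"Bearer {data['access_token']}",
            "expires_at": now + int(data["expires_in"]),
            "claims": id_token_claims(data["id_token"], client_id, now)}


# --- constructed sample data (not real Google output) ----------------------
CLIENT_ID = "123456789-example.apps.googleusercontent.com"
SAMPLE_NOW = 1_498_400_000


def _fake_jwt(claims):
    """JWT-shaped string for the offline demo; the signature segment is junk."""
    def seg(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256', 'kid': 'demo'})}.{seg(claims)}.c2lnbmF0dXJl"


SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "ya29.demo-access-token",
    "expires_in": 3600,
    "id_token": _fake_jwt({"iss": "https://accounts.google.com", "aud": CLIENT_ID,
                           "sub": "demo-subject", "email": "user@example.com",
                           "exp": SAMPLE_NOW + 3600}),
    "token_type": "Bearer",
})

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_auth_url(CLIENT_ID, "https://app.example.com/cb", ["openid", "email"], state))
    print(parse_token_response(SAMPLE_TOKEN_RESPONSE, CLIENT_ID, SAMPLE_NOW))
```

The `state` check in `parse_callback` and the `aud`/`iss`/`exp` checks in `id_token_claims` are the parts a hand-rolled client most often forgets; a library does them for you, which is another reason to prefer one in production.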