search

ravipatidar54 / google-api-dotnet-client

Automatically exported from code.google.com/p/google-api-dotnet-client
Apache License 2.0
0 stars 0 forks source link

JWTs and OAuth #218

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Greetings all, 

We got directed to this forum by the DFA API Team for help. We are working with 
them as part of their testing program to evaluate the new API. Unfortunately we 
hit a little snag right off the bat with the OAuth piece. Basically we are 
trying to implement a solution according to this spec: 
https://developers.google.com/accounts/docs/OAuth2ServiceAccount and were 
disappointed to see that there was not a .NET toolset available for 
creating/signing the JWTs. After digging around online for awhile I did find 
this on github and it looks promising. Can you guys take a look at it and run 
some tests on your end to see if it will do the trick for this?

https://github.com/johnsheehan/jwt/blob/f4b6d0ce78de515d9e2b4e0e788a59a59e3c7f78
/JWT/JWT.cs

We are on Windows Server 2008 (64bit) and .NET 4.0
Please let me know if you need any additional information

thanks

Original issue reported on code.google.com by scottand...@gmail.com on 14 Jun 2012 at 10:49

GoogleCodeExporter commented 9 years ago 
Hi Scott,
I don't know much about OAuth, but the latest release contains 
AssertionFlowClient which uses JWT, does this satisfy your requirements?

Thanks,
David.

Original comment by davidwat...@google.com on 4 Sep 2012 at 9:19

GoogleCodeExporter commented 9 years ago 
Thanks for the reply David...I'm not sure if this will do the trick or not, but 
it does look promising (I did a search on AssertionFlowClient and came across 
this: 
http://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.A
uthentication.OAuth2/DotNetOpenAuth/AssertionFlowClient.cs). 

Basically our scenario is one where we interact with various Google APIs 
(primarily DFA and Google Analytics at the moment) to pull metrics for our 
customers on their various campaigns. Since it is an automated process that 
runs each day to pull the data back we need an authentication mechanism that is 
hands-off (i.e. does not require any user intervention). Unfortunately all the 
Google OAuth examples online seem to focus on scenarios where user intervention 
is part of the handshake so the server-to-server scenario with JWT 
(https://developers.google.com/accounts/docs/OAuth2ServiceAccount) sounded like 
the correct approach for us. Is my thinking correct in this sense?

thanks

Original comment by scottand...@gmail.com on 5 Sep 2012 at 2:23

GoogleCodeExporter commented 9 years ago 
Another way to accomplish the same thing is to get and save a refresh token 
(human interaction required) and then use that to get a session token (no human 
interaction required). So assuming you have a small number of accounts you wish 
to process, you can get tokens once with human intervention and then use them 
for every after.

For more details you can see 
http://stackoverflow.com/questions/8257678/google-calendar-api-v3-hardcoded-cred
entials/8263138#8263138

JWTs may provide a better way of doing this, but I know next to nothing about 
them.

Hope that helps.

David.

Original comment by davidwat...@google.com on 5 Sep 2012 at 2:32