Manually obtain GoogleOAuth2 access token with your web browser and curl
If you manually need to obtain an access token from GoogleOAuth2, for development (or other) reasons, you can do so in a few simple steps with your web browser and curl.
Note: This article has been inspired partly based on the following two resources. There has been another way to do this in the past, which recently stopped working. In my search for a new solution, I found this post on StackOverflow, in which this approach is being discussed.
Registering an Application with GoogleOAuth2
In order to obtain an access token from GoogleOAuth2, you first need to register your application at the Google Cloud Console.
- Create a new project
- Define your OAuth Consent Screen
- Create credentials
Creating the credentials
We are starting at the Credentials-Page:
- Select
+ Create Credentials
at the top of the Page - Choose
OAuth client ID
Web application
as Application type- Name it as you wish
- Under
Authorized redirect URIs
select+ Add URI
and addhttp://127.0.0.1
- Select
Create
- Copy and save the shown
Client ID
andClient Secret
Obtaining the access token
User authentication
Within your web browser open the following URI (Do not forget to fill in your client id) and authenticate your application (Sign in to your account if requested).
https://accounts.google.com/o/oauth2/auth?client_id=<CLIENT-ID>&redirect_uri=http://127.0.0.1&scope=profile&email&response_type=code&include_granted_scopes=true&access_type=offline&state=state_parameter_passthrough_value
After authentication, Google redirects you to your specified redirect URI, which is responsible for handling the authentication request response. Since no server is running at this URI, your browser shows an error page. However, in the address bar of the browser, you will find the redirect request from Google.
http://127.0.0.1/?...&code=<CODE>&...
Within you have a parameter named code
, that we are going to copy and save for the next step.
Requesting access token
With the previously obtained code parameter, we are now running a curl request to ask Google for the access token. Fill in your code
, client id
, client secret
and redirect URI
and run the command in your terminal.
curl -X POST https://oauth2.googleapis.com/token \
-d "code=<CODE>&client_id=<CLIENT-ID>&client_secret=<CLIENT-SECRET>&redirect_uri=<REDIRECT-URI>&access_type=offline&grant_type=authorization_code"
This gives you a response like this:
{ "access_token": "<ACCESS-TOKEN>", "expires_in": 3599, "refresh_token": "<REFRESH-TOKEN>", "scope": "https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid", "token_type": "Bearer", "id_token": "XXX"}
Now you have an access token, that you can use e.g. for development purposes.
Refreshing access token
If your access token expires, refresh it with this command:
curl -X POST https://oauth2.googleapis.com/token \
-d "access_type=offline&refresh_token=[ZZZZ]&client_id=<CLIENT-ID>&client_secret=<CLIENT-SECRET>&grant_type=refresh_token"
Other scopes
In this example, we have requested the email and profile information of the user. If you want to obtain other scopes with your access token, add the desired scopes to your request.
Conclusion
With these easy steps, you can quickly obtain an access token from GoogleOAuth2. You can then use it e.g. during development to test (parts of) your software.