Accessing Google APIs From Your Server-Side Web Application Using OAuth 2.0
In this article, I will guide you through a practical example of how to connect to Google APIs from your server-side web application. You will be able, for example, to retrieve your user’s Google contacts or calendar events for use in your application, or to access their Google Drive. This is a practical application of the concepts discussed in the introduction to OAuth 2.0.
In the introduction to the OAuth protocol, we saw the basic steps of the protocol. Now it is time to see a practical example of a server-side web application that connects to the Google OAuth 2.0 servers to gain authorization to access private resources from Google Drive. I have chosen Google because its documentation is complete, and readers can refer to it if they want to dive deeper into the details.
In this article, we will see an example of a server-side web application. As we have seen, this type of application uses the Authorization Code method, which is more secure than other Authorization Grant methods. For client-side applications, such as React applications, this method is totally insecure because the network traffic between the application and the Google server is visible to the user. Therefore, secret keys cannot be included in the web requests.