How to Obtain a Refresh Token & Access Token to Access Google APIs

Thushara Sampath
4 min readMay 7, 2023

--

Intro

Google APIs are essential for developers in various applications such as integration, scripting, IoT, and more. To authenticate Google APIs programmatically, the most convenient method is using OAuth 2.0. If you are not familiar with OAuth 2.0, you can refer to the official documentation for better understanding.

This guide focuses on, obtaining a Client ID, Client Secret, Refresh Token, and Access Token, which are crucial for accessing Google APIs. However, to keep the guide concise and practical, it assumes that you already have a use case in mind for these tokens πŸ™‚.

By following this guide, you will learn how to obtain the necessary credentials to use Google APIs efficiently. However, it’s essential to note that this is not the only approach available. There are multiple methods available, and you should choose the one that best suits your project requirements and preferences. Do your own research as well πŸ˜‰.

Refresh tokens are employed to retrieve a new access token without requiring the user to log in again. After granting permission for third-party applications to access their Google services, the user is issued a refresh token alongside the access token. The refresh token can then be utilized to obtain a new access token without prompting the user to log in again.

πŸ›‘πŸ›‘ Caution: Please ensure that you do not let these credentials and tokens fall into the hands of unauthorized individuals. It is important to keep them secure and protected to prevent any potential security breaches. πŸ›‘πŸ›‘

Before you begin

  1. You need to have Google Account (obviously πŸ™ƒ).
  2. Determine which Google service you need to access. Because the scope needs to be set accordingly when obtaining a refresh token.

Step 1: Obtain OAuth 2.0 client credentials

  1. Go to https://console.cloud.google.com/apis/credentials.
  2. Click CREATE CREDENTIALS and select OAuth Client ID.
  1. Select Web Applications as the Application type and give a name you prefer.
  2. You need to add Redirect URIs. Give unused localhost URI.
    Ex:
    http://localhost:3000.
  3. Click Create.
  4. Then, it will show a pop-up and you can copy or download the Client ID and Client Secret. You can view them later by visiting the Client ID you created.

Redirect URI : Users will be redirected to this path after they have authenticated with Google. The path will be appended with the authorization code for access, and must have a protocol. It can’t contain URL fragments, relative paths, or wildcards, and can’t be a public IP address. - Google -

Step 2: Obtain the Authorization Code

  1. Copy and paste the following URI to your browser address bar and prepare it with your details.

Hint: You can prepare URIs easily using Text Editor and copy-paste in to browser bar. Note that URI symbols can sometimes be altered or lost when editing and copy-pasting . To avoid this, ensure that you are using a reliable text editor like VS code.

https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=<Client ID>&scope=<Scope>&redirect_uri=<Redirect URI>&access_type=offline&prompt=consent

Client ID : Client ID you obtained in Step 1.

Redirect URI : Redirect URI you provided when creating Client Credentials in Step 1.

Scope : Select Scope according to your use case. You can see all scopes at https://developers.google.com/identity/protocols/oauth2/scopes.

Example scope : https://www.googleapis.com/auth/drive

Example Prepared URI :

https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=1234qwer.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/drive&redirect_uri=http://localhost:3000&access_type=offline&prompt=consent

2. Once URI is ready, Hit enter.

3. Select the Google account that you used to obtain the client credentials.

4. Click Allow on the next page.

5. After completing the previous step, you will be redirected to a localhost URI, which will resemble the following format. Copy this URI from the address bar of your browser.

http://localhost:3000/?code=<Code>&scope=https://www.googleapis.com/auth/drive

6. Go to the website https://meyerweb.com/eric/tools/dencoder/ to decode the URI (You can use any URL Decoder of your preference). Paste the URI into the decoding field and click Decode. This will ensure that the code is correctly decoded.

7. Copy the Code Part of the Decoded URI. This will be required for the next step.

Step 3: Get Refresh Token (Finally πŸ₯΅)

  1. you can use cURL for this. Prepare the following cURL command with your data.
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'redirect_uri=<Redirect URI in Step 1>' \
--data-urlencode 'client_id=<Client ID from Step 1>' \
--data-urlencode 'client_secret=<Client Secret from Step 1>' \
--data-urlencode 'code=<Code from Step 2>' \
--data-urlencode 'grant_type=authorization_code'

Example Prepared cURL command :

curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'redirect_uri=http://localhost:3000' \
--data-urlencode 'client_id=1234qwer.apps.googleusercontent.com' \
--data-urlencode 'client_secret=123456789qwer' \
--data-urlencode 'code=QWER1235' \
--data-urlencode 'grant_type=authorization_code'

2. Execute the prepared cURL command in your terminal.

3. If everything is okay, The response will contain the Refresh Token and Access Token.

Example Response :

{
"access_token": "987654321poiuytrewq",
"expires_in": 3599,
"refresh_token": "123456789qwertyuiop",
"scope": "https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}

Conclusion

You can use this method to obtain tokens to access Google APIs. Happy coding forks πŸ₯³πŸ₯³πŸ₯³πŸ₯³!

--

--

Thushara Sampath
Thushara Sampath

Written by Thushara Sampath

Undergraduate | Electronic and Telecommunication Engineering at University of Moratuwa , Sri Lanka

No responses yet