Sourcing an Access Token for OAuth for your own sandbox for Google Drive API v3 can be quite daunting, especially if you’re needing the token for testing and/or purposes. With plenty of documentation around Google’s Client Library, there was not a lot of documentation around generating your own without having to use Google’s OAuth 2.0 Playground.
Below, I talk through the steps to source an Access Token without the use of the Google Library, which enables the user to circumvent the library setup using the self-verify method.
Drive API – Set up
- Head to Google API for Drive , enable the API and create a project.
- In the developer console, go to Credentials and create an API key.
Keep note of your API key.
- Click on the API key you’ve just created, and navigate to OAuth consent screen. Click on External as User Type, then click Create.
- In the next screen, name your application and add the Google Drive in the scope (../auth/drive) so that authenticated users (i.e. yourself) can access your Drive.
Next, add a domain that you control and can upload few files for the OAuth authentication to happen.
Once done, click Save.
- The next step is to have your newly created App submitted for verification. You can ignore for now – we will get back to this shortly.
- Navigate back to Credentials, and create a new OAuth client ID under the the OAuth section.
Choose your application type as Web Application when prompted, and give it a cool name.
On the next screen, grab your client_id and client_secret
Self-Verified App via OAuth
- Build a link to the App to ping OAuth. The structure is as per below.
The scope I need to access the Google Drive v3 API is drive.metadata.readonly, which will do for the job at hand.
You can access a wider range of rules depending on your needs – just change your scope(s) as per the OAuth documentation for Google Drive v3.
- One the OAuth screen, just sign in as you would with your regular Google account.
You will get a message about the app not having been verified by Google and to only proceed if you know and trust the developer.
Click “Advanced”, Go to “URL”, which is marked as unsafe.
You’ll get another message box, asking to grant permission to Google Drive.
We came this far so click Allow, then Allow again to confirm your choices in the next message box.Done!
Note that the URL of your website now has extra query parameters, including the Token that you need.
- Now that you have verified the app, it will show in your Google account’s permission settings.
Have fun implementing!