26

I'm trying to follow this tutorial to authenticate with Google using their OAuth 2.0 API. However, I would like to make straight curl calls rather than use their libraries.

I have obtained my Client ID and Client Secret Key. Now I'm trying to get the access token like this:

curl \
--request POST \
--header "Content-Type: application/json" \
--data '{
  "client_id":"MY_CLIENT_ID",
  "client_secret":"MY_SECRET_KEY",
  "redirect_uri": "http://localhost/etc",
  "grant_type":"authorization_code"
}' \
"https://accounts.google.com/o/oauth2/token"

However, it is not working. It gives me the following error:

{
  "error" : "invalid_request",
  "error_description" : "Required parameter is missing: grant_type"
}

Can someone please provide me sample curl call to obtain the access token (and refresh token)?

Improve this question
1

3 Answers 3

Reset to default
18

a) the data you provide should be form-encoded instead of presented as a JSON object and b) you should also provide an authorization code value in the "code" parameter. E.g.: 

curl -d "client_id=MY_CLIENT_ID&\
  client_secret=MY_SECRET_KEY&\
  redirect_uri=http://localhost/etc&\
  grant_type=authorization_code&\
  code=CODE" https://oauth2.googleapis.com/token
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Is this a get or a post?
Using -d automatically turns it in to a POST and sets the desired content type
Can this technique be extended to cover two-legged OAuth2?
The code parameter comes from the original auth request: developers.google.com/android-publisher/authorization
what is "code"? Where do I get it from?
9

While not directly using CURL, you can also get and test OAuth tokens using the Google OAuth Playground: https://developers.google.com/oauthplayground/

Improve this answer

Comments

-2 
create and execute a python script file to obtain JWT assertion key which will be further used in curl command :

python script for generating jwt assertion key :
import jwt
import os
import json
import sys

# Load the service account key JSON
service_account_key = json.loads(open("name of your service account key file").read())

# Extract necessary information from the service account key JSON
client_email = service_account_key["client_email"]



# Create the payload with necessary claims
payload = {
    "iss": client_email,
    "sub": client_email,
    "aud": "https://oauth2.googleapis.com/token",
    "exp": expired timestamp,  # Replace with the expiration timestamp
    "iat": current timestamp,  # Replace with the issuance timestamp
    "scope": "https://www.googleapis.com/auth/cloud-platform"
}

# Sign the payload with the service account's private key
#with open(os.path.join(sys.path[0], 'privatekey.pem'), "r") as private_key_file:
#    private_key = private_key_file.read()

private_key = "mention your private key present in service account key file"

jwt_assertion = jwt.encode(payload, private_key, algorithm="RS256")


print(jwt_assertion)


______________________________________________________________________

assertion key will be obtained after executing the above python script , paste that in below curl command ,

Now, curl -X POST "https://oauth2.googleapis.com/token" \
     -d "scope=read&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
     -d "assertion=(your jwt_assertion key)"
Improve this answer

1 Comment

No explanation or anything? Just plopping code down?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.