
Authorizing Google to access your apps

Google authorization and authentication example using Postman to get the access_token and id_token

Step 1. Open the following URL to get the OpenID configuration


https://accounts.google.com/.well-known/openid-configuration

Example response:

{
 "issuer": "https://accounts.google.com",
 "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
 "device_authorization_endpoint": "https://oauth2.googleapis.com/device/code",
 "token_endpoint": "https://oauth2.googleapis.com/token",
 "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
 "revocation_endpoint": "https://oauth2.googleapis.com/revoke",
 "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
 "response_types_supported": [
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token",
  "none"
 ],
 "subject_types_supported": [
  "public"
 ],
 "id_token_signing_alg_values_supported": [
  "RS256"
 ],
 "scopes_supported": [
  "openid",
  "email",
  "profile"
 ],
 "token_endpoint_auth_methods_supported": [
  "client_secret_post",
  "client_secret_basic"
 ],
 "claims_supported": [
  "aud",
  "email",
  "email_verified",
  "exp",
  "family_name",
  "given_name",
  "iat",
  "iss",
  "locale",
  "name",
  "picture",
  "sub"
 ],
 "code_challenge_methods_supported": [
  "plain",
  "S256"
 ],
 "grant_types_supported": [
  "authorization_code",
  "refresh_token",
  "urn:ietf:params:oauth:grant-type:device_code",
  "urn:ietf:params:oauth:grant-type:jwt-bearer"
 ]
}
 

Step 2. Create a Google app that allows other apps to access your Google information. This example creates an app that allows access to your photos.

Granting Google apps access on your account:
Sign in to GCP (Google Cloud Platform).
Create a new app.
Go to Credentials => Name.
Add an authorized redirect URL. Enter http://localhost:8080 for test purposes; it would normally be a link back to your web app for authorization.


Open the browser and paste in this request:

https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=3434456715-84e16a2ufb1b9fd8sqqaalqvarerqf2v.apps.googleusercontent.com&scope=openid%20profile%20email%20https://www.googleapis.com/auth/photoslibrary.readonly&state=state123&redirect_uri=http://localhost:8080&access_type=offline&prompt=consent

The request consists of the authorization endpoint followed by these query parameters:

https://accounts.google.com/o/oauth2/v2/auth
response_type
client_id
scope
state
redirect_uri
access_type
prompt
 

Step 3. Use the code value to access your app

After you grant consent, the browser is sent to the redirect URL. Copy the code value from that response in the browser: code="4/0AX4XfWhRHLkc3ULQahEsRExIhMg1oG1F2ob86wKNtbiIrSXwjhhYWID8FvLyeJQOcxInDw"

This code will be used to get your access_token and id_token, along with other information; these values are what matter for allowing access to your photos.

An access_token is normally valid for 1 hour; after that you can use a refresh token to get a new access token.


This is the code from the above web request that is needed to get access to your app:
4/0AX4XfWgdNUQ6xTp794xfNxM6QyUYKRPq3N_j_dj3er70KKNKhTMz63uycr3itxeWMe-FoA
 

Step 4. Reveal your access token using Postman

Open Postman, create a POST request, enter the endpoint below, then click the Body tab and enter the parameters below.

 

Endpoint => "https://oauth2.googleapis.com/token"
Type => POST

Click on the Body tab and enter:

grant_type = authorization_code
client_id = 281629116715-84e16a2ufb1b9fd8sqqaalqvarerqf2v.apps.googleusercontent.com
client_secret = "your secret"
code = the code from Step 3
redirect_uri = http://localhost:8080

Press the Send button.

Go to https://jwt.io/

and paste in the id_token from the Postman response. It will show the information for the scopes requested in Step 2: email, name, picture (if any).
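Steps 2 to 4 as a script, added here as an example and not part of the original post: it builds the authorization request with a random state instead of the fixed state123, checks that state on the redirect before accepting the code, assembles the token request fields, and decodes the id_token payload locally instead of on jwt.io. The function names and the CLIENT_ID, CLIENT_SECRET and SAMPLE_CODE values are placeholders chosen for this example.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
SCOPES = "openid profile email https://www.googleapis.com/auth/photoslibrary.readonly"

def build_auth_url(client_id, redirect_uri):
    """Step 2: return (url, state). state is random per request, not a fixed string."""
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id, "scope": SCOPES,
              "state": state, "redirect_uri": redirect_uri,
              "access_type": "offline", "prompt": "consent"}
    return AUTH_ENDPOINT + "?" + urlencode(params), state

def code_from_redirect(redirect_url, expected_state):
    """Step 3: return the code only if the returned state matches the one we sent."""
    query = parse_qs(urlparse(redirect_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in query:
        raise ValueError("no code in redirect: " + query.get("error", ["unknown"])[0])
    return query["code"][0]

def token_request_body(client_id, client_secret, code, redirect_uri):
    """Step 4: form fields for the POST to the token endpoint (Postman's body tab)."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "client_secret": client_secret, "code": code,
            "redirect_uri": redirect_uri}  # must equal the value sent in Step 2

def decode_id_token_claims(id_token):
    """Decode the JWT payload locally; this reads claims, it does NOT verify the signature."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

if __name__ == "__main__":
    # Constructed values: placeholder client, simulated redirect, unsigned sample token.
    cid, uri = "CLIENT_ID.apps.googleusercontent.com", "http://localhost:8080"
    url, state = build_auth_url(cid, uri)
    code = code_from_redirect(f"{uri}/?state={state}&code=SAMPLE_CODE", state)
    print(url, token_request_body(cid, "CLIENT_SECRET", code, uri), sep="\n")
    claims = {"iss": "https://accounts.google.com", "aud": cid, "email": "user@example.com"}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode().rstrip("=")
    print(decode_id_token_claims("e30." + body + ".sig"))
```

Decoding only displays the claims. An application that relies on them has to verify the RS256 signature against the keys at the jwks_uri from Step 1 and check iss, aud and exp.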
 
