google-app-enginegogoogle-oauthgoogle-api-go-client

How do I use a client ID for OAuth2 on App Engine in Go?


I have some fairly simple Go code running in AppEngine that should be using OAuth2 to fetch the list of files from the user's account. It seems to initialize the service OK but when it tries to fetch the file list, I get this error: OAuthError: RoundTrip: no Token supplied

package foo

import (
    "appengine"
    "appengine/urlfetch"
    "code.google.com/p/goauth2/oauth"
    "code.google.com/p/google-api-go-client/drive/v2"
    "fmt"
    "net/http"
)

var config = &oauth.Config{
    ClientId:     "(redacted).apps.googleusercontent.com",
    ClientSecret: "REDACTED",
    Scope:        "https://www.googleapis.com/auth/drive",
    AuthURL:      "https://accounts.google.com/o/oauth2/auth",
    TokenURL:     "https://accounts.google.com/o/oauth2/token",
}

func init() {
    http.HandleFunc("/", home)
}

func home(w http.ResponseWriter, r *http.Request) {
    c := appengine.NewContext(r)
    transport := &oauth.Transport{
        Config:    config,
        Transport: &urlfetch.Transport{Context: c}}
    svc, err := drive.New(transport.Client())
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }
    q := svc.Files.List()
    _, err = q.Do()
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }
    fmt.Fprintf(w, "Success!")
}

I cannot figure out what I'm doing wrong here. Any help would be kindly appreciated.


Solution

  • The token configuration is not enough; you first have to get a valid access token with the following steps:

    1. Redirect the user to the page returned by AuthCodeURL. The user will be shown the name of your application and the requested permissions.

    2. If the user grants the permissions, they will be redirected to the RedirectURL you gave in the configuration. The URL will contain a query parameter named code.

    3. Retrieve the code parameter and pass it to Exchange. If everything went well, the requests should now be authenticated properly.