I have an app that is failing to continue processing after I consent to the desired API scopes. My process is as follows:
The app is a Java web app running on Tomcat 10.1. It is an internal, single user app, where I want to be able to read and write to my calendar, list, read, and write to my Google sheets. Because I'm accessing my personal calendar and sheets, that rules out using a service account. So, I'm using an OAuth 2 client ID.
My app runs the following code:
if ( credential == null ) {
final NetHttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load( JSON_FACTORY , new StringReader( credentialsString ) );
File tokenDirectory = new java.io.File( tokensDirectoryPath );
LOGGER.debug( String.format( "Token directory: %s" , tokenDirectory.getAbsolutePath() ) );
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport , JSON_FACTORY , clientSecrets , Constants.SCOPES )
.setDataStoreFactory( new FileDataStoreFactory( new java.io.File( tokensDirectoryPath ) ) )
.setAccessType( "offline" )
.setApprovalPrompt( "force" )
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort( 8081 ).build();
credential = new AuthorizationCodeInstalledApp( flow , receiver ).authorize( "user" );
}
This logs a message saying I need to open the following address in my browser:
https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force&client_id=xxxx&redirect_uri=http://localhost:8081/Callback&response_type=code&scope=https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/drive.readonly%20https://www.googleapis.com/auth/spreadsheets
I copy that to my browser and sign in and consent.
I get back a URI that looks like:
http://localhost:8081/Callback?code=xxxxxxxxxxxxxxxxxx&scope=https://www.googleapis.com/auth/spreadsheets%20https://www.googleapis.com/auth/drive.readonly%20https://www.googleapis.com/auth/calendar
At this point I'm lost. The web page just sits there spinning, waiting for something to happen that never does. I've disabled the firewall thinking maybe the response was being blocked. That didn't make a difference. A sudo netstat -tulpn shows my Java app is listening on port 8081.
Does anyone see anything I'm doing wrong?
UPDATE: I wrote a batch program using the same code, ran it on my local Windows machine and everything worked fine. Not sure what is going on with the Linux/Tomcat server (headless) given the firewall was disabled.
The remainder of the OAuth2/OIDC ceremony, namely the exchange of the code for a token, is missing.
Your server needs to implement a Servlet with the path /Callback to process the callback provided in the callback_url.
The internal processing of http://localhost:8081/Callback?code=xxxxxxxxxxxxxxxxxx should make a call to https://accounts.google.com/o/oauth2/token with the code as a parameter.
The call to https://accounts.google.com/o/oauth2/token will return the JWT for later use for authorization by the client.
This is the missing step.