How to get Google OAuth 2.0 Access token directly using curl? (without using Google Libraries)

Asked 9/5, 2016 at 4:41 Answered 16/10, 2023 at 10:22

I'm trying to follow this tutorial to authenticate with Google using their OAuth 2.0 API. However, I would like to make straight curl calls rather than use their libraries.

I have obtained my Client ID and Client Secret Key. Now I'm trying to get the access token like this:

curl \
--request POST \
--header "Content-Type: application/json" \
--data '{
  "client_id":"MY_CLIENT_ID",
  "client_secret":"MY_SECRET_KEY",
  "redirect_uri": "http://localhost/etc",
  "grant_type":"authorization_code"
}' \
"https://accounts.google.com/o/oauth2/token"

However, it is not working. It gives me the following error:

{
  "error" : "invalid_request",
  "error_description" : "Required parameter is missing: grant_type"
}

Can someone please provide me sample curl call to obtain the access token (and refresh token)?

Bennett answered 9/5, 2016 at 4:41 Comment(1)

Take a look at: https://mcmap.net/q/537182/-use-bash-curl-with-oauth-to-return-google-apps-user-account-data-closed – Grose 9/5, 2016 at 12:2

a) the data you provide should be form-encoded instead of presented as a JSON object and b) you should also provide an authorization code value in the "code" parameter. E.g.:

curl -d "client_id=MY_CLIENT_ID&\
  client_secret=MY_SECRET_KEY&\
  redirect_uri=http://localhost/etc&\
  grant_type=authorization_code&\
  code=CODE" https://oauth2.googleapis.com/token

Carrasco answered 9/5, 2016 at 9:23 Comment(5)

Is this a get or a post? – Bennett 9/5, 2016 at 15:33

Using -d automatically turns it in to a POST and sets the desired content type – Carrasco 9/5, 2016 at 15:34

Can this technique be extended to cover two-legged OAuth2? – Putrefy 19/8, 2018 at 19:5

The code parameter comes from the original auth request: developers.google.com/android-publisher/authorization – Hope 7/11, 2019 at 12:57

what is "code"? Where do I get it from? – Bazan 29/10, 2023 at 13:12

While not directly using CURL, you can also get and test OAuth tokens using the Google OAuth Playground: https://developers.google.com/oauthplayground/

Hope answered 7/11, 2019 at 13:2 Comment(0)

-1

create and execute a python script file to obtain JWT assertion key which will be further used in curl command :

python script for generating jwt assertion key :
import jwt
import os
import json
import sys

# Load the service account key JSON
service_account_key = json.loads(open("name of your service account key file").read())

# Extract necessary information from the service account key JSON
client_email = service_account_key["client_email"]



# Create the payload with necessary claims
payload = {
    "iss": client_email,
    "sub": client_email,
    "aud": "https://oauth2.googleapis.com/token",
    "exp": expired timestamp,  # Replace with the expiration timestamp
    "iat": current timestamp,  # Replace with the issuance timestamp
    "scope": "https://www.googleapis.com/auth/cloud-platform"
}

# Sign the payload with the service account's private key
#with open(os.path.join(sys.path[0], 'privatekey.pem'), "r") as private_key_file:
#    private_key = private_key_file.read()

private_key = "mention your private key present in service account key file"

jwt_assertion = jwt.encode(payload, private_key, algorithm="RS256")


print(jwt_assertion)


______________________________________________________________________

assertion key will be obtained after executing the above python script , paste that in below curl command ,

Now, curl -X POST "https://oauth2.googleapis.com/token" \
     -d "scope=read&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
     -d "assertion=(your jwt_assertion key)"

Arp answered 16/10, 2023 at 10:22 Comment(0)

Recommended topics

Hot tags