After making a call to:
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport, JSON_FACTORY, clientSecrets, SCOPES).setDataStoreFactory(
dataStoreFactory).build();
Credential cred = flow.loadCredential(userIdFromMyApplication);
And finding our userIdFromMyApplication
has not yet given us permission to use their Google account (i.e. cred
is null) I do the following:
if (cred == null) {
String url = flow.newAuthorizationUrl().setState("/linkaccount")
.setRedirectUri("http://myapp.com/oauth2.php").build();
//redirect them to the url
}
My question is, once they've granted my app access and my app's oauth2 redirect url I setup under my API access token is called by Google with the access code
parameter set, how do I then associate this code
with userIdFromMyApplication
? Would I have to set userIdFromMyApplication
within my call to setState
when building the redirectUrl? Is that a viable convention? Or is there a more clever way to figure out what access token belongs to which user?
Either store the user ID in your httpSession, or add the user ID (ideally obfuscated) to the "state" parameter, which will then get included in the oauth callback. Personally I use httpSession.
Actually, the second method might pose a security risk, so go with the httpSession.