Search code examples
oauthoauth-2.0google-apigoogle-oauthgoogle-api-client

Google Oauth consent screen doesn't show up

I'm trying to follow the Google Oauth guide to give my Rails app permission to edit users' calendars. Maybe I'm misunderstanding, but the guide seems to say that all you have to do is send a certain request to the Google API, and that will prompt the consent screen to pop up for the user. However, I'm sending the request with no errors, but nothing happens.

My app has been verified, and the URL I'm attempting this on has been added to my Oauth credentials. Theoretically in this instance it shouldn't matter, but I also have the 'google-api-client', 'omniauth', and 'omniauth-google-oauth2' gems installed. The URL is HTTPS with an SSL cert.

What am I doing wrong?

# this is the controller action for my path, so the API is pinged when the page is loaded
def path

    url = "https://accounts.google.com/o/oauth2/v2/auth?
      scope=email%20profile%20calendar.events&
      response_type=code&
      redirect_uri=<URL>&
      client_id=<CLIENT_ID>"

    require 'open-uri'
    require 'uri'
    require 'net/http'
    require 'json'
    require 'net/https'
    uri = URI(url)
    response = Net::HTTP.get(uri)


end
Solution

  • The guide is a little confusing. They say "send a request to the URL https://accounts.google.com/o/oauth2/v2/auth" but actually mean "open that URL in a browser". I think that is the point that you misunderstood.

    So, create this html file:

    <a href="https://accounts.google.com/o/oauth2/v2/auth?scope=email%20profile%20calendar.events&response_type=code&redirect_uri=REDIRECT_URI&client_id=CLIENT_ID">Login
with Google</a>

    Now open the html file in a browser and click the link. You will notice that the Google server redirects the browser to the REDIRECT_URI you have specified. Either you can see that in your web server logs (if the server works) or the browser will display an error message and you can see the URL with all query parameters sent by Google in the browser address bar.

    See in the docs what your server has to respond to the redirected request so that the consent screen finally shows up.

    When it shows up, the procedure is similar: You - as the user - grant the permissions requested, and when you click the button, Google will respond again with a redirect, and you then harvest the token from the query parameters.