In my Spring application I'm using following implementation of Google Authorization:
public Credential authenticate(final NetHttpTransport httpTransport) throws IOException {
Optional<InputStream> credentialsInputStream = Optional.ofNullable(AuthenticationService.class.getResourceAsStream(credentialsFilePath));
GoogleClientSecrets clientSecrets =
GoogleClientSecrets.load(
jsonFactory,
new InputStreamReader(credentialsInputStream
.orElseThrow(() -> new FileNotFoundException("Resource not found: " + credentialsFilePath))));
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport, jsonFactory, clientSecrets, authenticationScopes)
.setDataStoreFactory(new FileDataStoreFactory(new File(tokensDirectoryPath)))
.setAccessType(ACCESS_TYPE)
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(AUTHENTICATION_RECEIVER_PORT).build();
return new AuthorizationCodeInstalledApp(flow, receiver).authorize(TECHNICAL_USER_ID);
}
This solution results with the Google auth URL appearing in the console:
Please open the following address in your browser:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=1234567890.apps.googleusercontent.com&redirect_uri=http://localhost:8888/Callback&response_type=code&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/spreadsheets%20https://www.googleapis.com/auth/calendar
Attempting to open that address in the default browser now...
The question is: Is there any way to somehow omit this step when app asks for visiting the URL? The ideal situation would be if whole process could be fully automatic, without the need for any action from the user/dev/ops.
That depends upon what you are doing.
In order to access private user data you need the permission of that user to access their data. Thats what the consent screen does. It requests that the user grant your application permission to access their data. So if you want to access my drive account, sheets, and calendar account you need my permission and to get that permission you need to show me that url.
You appear to be accessing the following apis.
Lets assume that you are not trying to access private user data that you are in fact just trying to access a single account that you the develoepr control. You have some standard files on google drive you want to display to the user, you have a internal google calendar that you would like to display to a user. In this case this is not data that is own by the user but rather data that is owned and controlled by you the developer
In that case then you could use what is called a service account, a service account would give you the ability to pre authorize your application to access this internal data without requesting access of the user, as technically this is not data the user owns.
Go to google developer console create service account credentials. The following code should allow you to access the service account.
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
GoogleCredential credential = GoogleCredential
.fromStream(new FileInputStream(KEY_FILE_LOCATION))
.createScoped(AnalyticsReportingScopes.all());
A service account is its own dummy user so it has its on google drive account you can upload files from it. Or you can share a file or directory with the serive account using the service account email address. Do this though the web application like you would any other user.
Note: Google appears to be making some changes with how service accounts work with Google calendar you may need to play with this a little as depending upon what you are doing the service accounts access may be limited this is normally related to sending event invites.