Search code examples
curlgoogle-cloud-platformoauth-2.0google-apigoogle-oauth

get google Oauth2 access token using ONLY curl

I want to upload a pdf file to Google Drive using curl, for automated testing purposes.

I have created an account on Google Cloud Platform(got client ID and Secret) and enabled the Google Drive API.

All the methods to connect using OAuth2 involve a web browser or clicking some buttons, which I'm not intending to do.

Is there any way to make the whole process of authenticating using OAuth2 and getting an access token to be able to upload a file using it, using ONLY curl commands in the cmd terminal?

Thanks.

Solution

  • The following commands will show you how to authorize to Google using Curl. You are going to have to use the web browser at least once in order to get the refresh token once you have a refresh token you can just use the command to request a new one again after.

    # Client id from Google Developer console
# Client Secret from Google Developer console
# Scope this is a space separated list of the scopes of access you are requesting.

# Authorization link.  Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code

# Exchange Authorization code for an access token and a refresh token.

curl \
--request POST \
--data "code=[Authentication code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token

# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token

    Tips:

    Upload is in two parts you need to upload your metadta, then a file stream of the actual file.

    There is a difference between create and update. If its an existing file you will need to use update not create or your going to get a new file every time.

    Code ripped from GoogleAuthenticationCurl.sh

    service account

    if you want fully hands free, then you should look into a service account, I cant help you do that in curl im not even sure its possible due to all the security and generation of tokens.

    Refresh token expiration

    THe official documentation for refresh tokens and their possible expiration

    • The user has revoked your app's access.
    • The refresh token has not been used for six months.
    • The user changed passwords and the refresh token contains Gmail scopes.
    • The user account has exceeded a maximum number of granted (live) refresh tokens. (There is currently a limit of 50 refresh tokens per Google Account per OAuth 2.0 client ID. If the limit is reached, creating a new refresh token automatically invalidates the oldest refresh token without warning. )