Search code examples
pythongoogle-oauthgoogle-calendar-apigoogle-api-python-client

Google Calendar API Understanding of token.json

I am working with the Google calendar API, the python quickstart in particular, but the language does not matter.

The example from https://developers.google.com/calendar/api/quickstart/python has:

 if not creds or not creds.valid:
    if creds and creds.expired and creds.refresh_token:
      creds.refresh(Request())
    else:
      flow = InstalledAppFlow.from_client_secrets_file(
          "credentials.json", SCOPES
      )
      creds = flow.run_local_server(port=0)
    # Save the credentials for the next run
    with open("token.json", "w") as token:
      token.write(creds.to_json())

I am working on a website, that is mostly server side. That people will log in, and be able to create a calendar, that the server will allow them to create a calendar, and automatically add events depending on events that occur.

Question 1: My question is about token.json, is that file shared between all users, or should a separator file be created for each person?

Question 2: Should it be backed up, cause if I lost the file then will everyone be logged out?

Solution

  • Question 1: My question is about token.json, is that file shared between all users, or should a separator file be created for each person?

    Token Json is single user. In fact as your code is written it is single user. The first thing that sample does is check if the file exists

    if os.path.exists("token.json"):

    If it does it will load the credentials within that file.

    Question 2: Should it be backed up, cause if I lost the file then will everyone be logged out?

    Yes you should probably back it up as the user who authorized the application will be prompted to authorize your application again. Note this is authorization not authencation, there is no log-out

    Notes:

    The code you are following Authorize credentials for a desktop application it is designed for a desk top application, as written it is single user.

    It is also not going to work on a hosted web page as.

    flow = InstalledAppFlow.from_client_secrets_file(
      "credentials.json", SCOPES
  )
  creds = flow.run_local_server(port=0)

    Will run the the authorization request on the machine its running on unless the user can login to the webserver its not going to work.