How to get an OAuth access token and retrieve data from Google APIs using Postman
We have been working with the Google Classroom APIs and would like to share a bit of our findings on how to trigger these APIs using the Postman tool through curl requests.
Let’s first assume we have a list of Google Classroom courses. To retrieve this list we need to authorize our user, and for this we need an OAuth2 access token. Let’s find out how to get one, using the https://classroom.googleapis.com/v1/courses API for this specific tutorial.
Let’s start.
Set client details and retrieve access token from Postman UI
Set client details
Open Postman, paste the URL of the API we want to inspect into the request bar and navigate to the Authorization tab.
Now we’ll need the following details:
Auth URL: https://accounts.google.com/o/oauth2/auth
Access Token URL: https://accounts.google.com/o/oauth2/token
Client ID: Retrieved from the Google Console for your Google Classroom project or the credentials.json file that you may have set under your repository if you’re coding against this API.
Client Secret: Found under the same location as the client ID.
Scope: Permissions granted to access certain data. For the courses API we’ll need this scope: https://www.googleapis.com/auth/classroom.courses but other APIs may need different or additional scopes.
Retrieve access token from Postman UI
Now you can generate a new access token by clicking the Get New Access Token button.
This will open a new window in your browser and, once you have passed through it, it will return an authorization token back to Postman.
Here you click the Use Token button.
Now if we trigger our request we should be able to see the list of courses.
Retrieve token using REST API
Okay, but up to now Postman has been generating the access token for us. What if we’d like to do this ourselves, still through Postman, but using a REST API instead? Yes, we can do this, but we’ll need an authorization code first.
To get this we’ll need to fill in the URL below with our client data and paste it into a browser.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
It will look something like this:
Our authorization code should now be displayed.
We’ll then exchange the authorization code for an access token and a refresh token through the API call below.
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentication code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
Here we already get the access token and refresh token.
However, the authorization code may change, and if you don’t want to go through the whole browser process again, you may prefer to retrieve the access token based on the refresh token only. If that’s the case, you can copy the refresh token you just got (which shouldn’t change) and from now on get the access token from the API call below.
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
Once you add your own client data, it will give you something like this:
Perhaps important to know this:
It’s said Google has changed the Access Token URL: https://accounts.google.com/o/oauth2/token. It’s now: https://oauth2.googleapis.com/token. However, at the time of this writing both URLs work okay for what we’re trying to do.
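The refresh request above puts the client secret and the refresh token on curl's command line, where they land in shell history and are visible in the process list. The sketch below is an added example, not part of the original article: it passes the same parameters to curl as a config read from stdin. The function names and the GOOGLE_* shell variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Hypothetical names:
# cfg_escape, token_request_config, refresh_access_token and the
# GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET / GOOGLE_REFRESH_TOKEN variables.

# Newer token endpoint named in the article.
TOKEN_URL="https://oauth2.googleapis.com/token"

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print a curl config for the refresh_token grant. curl URL-encodes the
# content of each data-urlencode entry, so "/" or "+" in a token is safe.
# Sending data makes curl use POST, so no explicit request method is set.
token_request_config() {
  : "${GOOGLE_CLIENT_ID:?set GOOGLE_CLIENT_ID}"
  : "${GOOGLE_CLIENT_SECRET:?set GOOGLE_CLIENT_SECRET}"
  : "${GOOGLE_REFRESH_TOKEN:?set GOOGLE_REFRESH_TOKEN}"
  printf 'url = "%s"\n' "$TOKEN_URL"
  printf 'data-urlencode = "client_id=%s"\n' "$(cfg_escape "$GOOGLE_CLIENT_ID")"
  printf 'data-urlencode = "client_secret=%s"\n' "$(cfg_escape "$GOOGLE_CLIENT_SECRET")"
  printf 'data-urlencode = "refresh_token=%s"\n' "$(cfg_escape "$GOOGLE_REFRESH_TOKEN")"
  printf 'data-urlencode = "grant_type=refresh_token"\n'
}

# Send the request. The config reaches curl on stdin, so the secret and the
# refresh token never appear in curl's argument list.
refresh_access_token() {
  token_request_config | curl --silent --show-error --config -
}

# Usage: set the three variables in the current shell (for example with
# `read -r GOOGLE_CLIENT_SECRET`, pasting the value), then run:
#   refresh_access_token
```

The variables do not need to be exported: printf is a shell builtin, so the values stay inside the shell process until they are written to the pipe.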
That’s it for today.
Thank you for reading this article and I hope you’ve found it useful.
References
Google classroom API documentation: https://developers.google.com/classroom
Stack Overflow posts: get google Oauth2 access token using ONLY curl and Using Postman to access OAuth 2.0 Google APIs.
OpenId connect: https://developers.google.com/identity/protocols/oauth2/openid-connect