Skip to content

Instantly share code, notes, and snippets.

@Scarygami

Scarygami/necessary_client.html

Last active July 14, 2018 08:36
Show Gist options
  • Save Scarygami/11ed38a1a0632fe77780 to your computer and use it in GitHub Desktop.
Save Scarygami/11ed38a1a0632fe77780 to your computer and use it in GitHub Desktop.
Download ZIP
Google Sign-In 2.0 Server-side samples
Raw
necessary_client.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Google Sign-in 2.0 - Necessary Client</title>
<script src="https://apis.google.com/js/client:platform.js?onload=clientLoaded" async defer></script>
</head>
<body>
<button id="enable_offline_access">Enable Offline Access</button>
<script type="text/javascript">
(function (global) {
global.clientLoaded = function () {
var authorizeProcessRunning = false;
global.gapi.load('auth2', function () {
var auth2 = gapi.auth2.init({
client_id: 'YOUR-CLIENT-ID.apps.googleusercontent.com',
scope: 'profile https://www.googleapis.com/auth/glass.timeline'
});
auth2.isSignedIn.listen(function (signedIn) {
/**
* This will be called after the auth library is initialized
* if the user has previously authenticated, or at the same time
* that grantOfflineAccess returns a code.
* We only want to verify the offline access for existing users
*/
if (signedIn && !authorizeProcessRunning) {
sendPostRequest('/verify', {id_token: id_token}).then(function (response) {
if (response.access_granted) {
global.document.getElementById('enable_offline_access').style.display = 'none';
}
});
}
});
auth2.then(function () {
global.document.getElementById("enable_offline_access").onclick = function () {
// request one-time code
authorizeProcessRunning = true;
gapi.auth2.getAuthInstance().grantOfflineAccess({
redirect_uri: 'postmessage'
}).then(function (auth_response) {
// send one-time code to the server and wait for response
sendPostRequest('/authorize', {code: auth_response.code}).then(function (response) {
if (response.access_granted) {
global.document.getElementById('enable_offline_access').style.display = 'none';
}
authorizeProcessRunning = false;
});
});
};
});
});
};
}(this));
</script>
</body>
</html>
Raw
optional_client.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Google Sign-in 2.0 - Optional Client</title>
<script src="https://apis.google.com/js/client:platform.js" async defer></script>
<meta name="google-signin-client_id" content="YOUR-CLIENT-ID.apps.googleusercontent.com">
</head>
<body>
<div class="g-signin2" data-onsuccess="onSignIn"></div>
<button id="enable_offline_access" style="display: none">Enable Offline Access</button>
<script type="text/javascript">
(function (global) {
global.onSignIn = function (user) {
var id_token = user.getAuthResponse().id_token;
// Some function to send the id_token to your server
sendPostRequest('/verify', {id_token: id_token}).then(function (response) {
if (!response.access_granted) {
global.document.getElementById('enable_offline_access').style.display = 'block';
}
});
};
global.document.getElementById("enable_offline_access").onclick = function () {
// request one-time code
gapi.auth2.getAuthInstance().grantOfflineAccess({
redirect_uri: 'postmessage',
scope: 'https://www.googleapis.com/auth/glass.timeline'
}).then(function (auth_response) {
// send one-time code to the server and wait for response
sendPostRequest('/authorize', {code: auth_response.code}).then(function (response) {
if (response.access_granted) {
global.document.getElementById('enable_offline_access').style.display = 'none';
}
});
});
};
}(this));
</script>
</body>
</html>
Raw
sample_id_token.json
{
"iss": "accounts.google.com",
"sub": "112336147904981294875",
"azp": "YOUR-CLIENT-ID.apps.googleusercontent.com",
"email": "[email protected]",
"at_hash": "ABCHASJDKJAHJ1231w",
"email_verified": true,
"aud": "YOUR-CLIENT-ID.apps.googleusercontent.com",
"iat": 1429619207,
"exp": 1429622807,
"name": "Gerwin Sturm",
"picture": "https://lh3.googleusercontent.com/-khaIYLifQik/AAAAAAAAAAI/AAAAAAACclE/rspep_SceFo/s96-c/photo.jpg",
"given_name": "Gerwin",
"family_name": "Sturm",
"locale": "en"
}
Raw
server.py
#!/usr/bin/python
import json
import random
import string
from flask import Flask
from flask import make_response
from flask import request
import httplib2
import oauth2client.client
from oauth2client.crypt import AppIdentityError
APPLICATION_NAME = 'Google Sign-in 2.0 - Server'
app = Flask(__name__)
app.secret_key = ''.join(random.choice(string.ascii_uppercase + string.digits)
for x in xrange(32))
CLIENT_ID = json.loads(
open('client_secrets.json', 'r').read())['web']['client_id']
@app.route('/verify', methods=['POST'])
def verify():
id_token = request.get_json().get('id_token', None)
try:
# Verify the ID token using the client library.
jwt = verify_id_token(id_token, CLIENT_ID)
user_id = jwt['sub']
except AppIdentityError:
user_id = None
if user_id is None:
response = make_response('invalid token', 401)
return response
# try to retrieve previously stored credentials via some function
credentials = get_credentials(user_id)
response_data = {}
if credentials is None:
response_data['access_granted'] = False
else:
response_data['access_granted'] = True
response = make_response(json.dumps(response_data), 200)
response.headers['Content-Type'] = 'application/json'
return response
@app.route('/authorize', methods=['POST'])
def authorize():
code = request.get_json().get('code', None)
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(json.dumps({'access_granted': False}), 401)
response.headers['Content-Type'] = 'application/json'
return response
user_id = credentials.id_token['sub']
# store the credentials for this user via some function for later use
store_credentials(user_id, credentials)
response = make_response(json.dumps({'access_granted': True}), 200)
response.headers['Content-Type'] = 'application/json'
return response
if __name__ == '__main__':
app.debug = True
app.run(host='0.0.0.0', port=4567)
Raw
verify_client.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Google Sign-in 2.0 - Basic Client</title>
<script src="https://apis.google.com/js/client:platform.js" async defer></script>
<meta name="google-signin-client_id" content="YOUR-CLIENT-ID.apps.googleusercontent.com">
</head>
<body>
<div class="g-signin2" data-onsuccess="onSignIn"></div>
<script type="text/javascript">
(function (global) {
global.onSignIn = function (user) {
var id_token = user.getAuthResponse().id_token;
// some function to send the id_token to your server
sendPostRequest('/verify', {id_token: id_token})
};
}(this));
</script>
</body>
</html>
Raw
verify_server.py
#!/usr/bin/python
import json
import random
import string
from flask import Flask
from flask import make_response
from flask import request
import httplib2
import oauth2client.client
from oauth2client.crypt import AppIdentityError
APPLICATION_NAME = 'Google Sign-in 2.0 - Basic Server'
app = Flask(__name__)
app.secret_key = ''.join(random.choice(string.ascii_uppercase + string.digits)
for x in xrange(32))
CLIENT_ID = json.loads(
open('client_secrets.json', 'r').read())['web']['client_id']
@app.route('/verify', methods=['POST'])
def verify():
id_token = request.get_json().get('id_token', None)
try:
# Verify the ID token using the client library.
jwt = verify_id_token(id_token, CLIENT_ID)
user_id = jwt['sub']
except AppIdentityError:
user_id = None
if user_id is None:
response = make_response('invalid token', 401)
return response
# Here you can get data relevant to user_id and return it
response = make_response('successfully verified', 200)
return reponse
if __name__ == '__main__':
app.debug = True
app.run(host='0.0.0.0', port=4567)
@sushantarsenal
Copy link

How are optional_client.html and necessary_client.html different? Both of them request for authorization I guess. In what way are they different?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment