OAuth2.0 message flow demonstration using a sample application
In this blog post we explain how to adopt OAuth 2.0 to invoke Google APIs from a sample application we created called MyCalender.
The sample application is written in ASP.NET MVC. It invokes the Google Calendar API and lists the user's future events.
We have implemented the Authorization Code Grant flow of OAuth 2.0, using the ASP.NET external authentication functionality to implement the flow.
We'll go step by step through adopting the OAuth flow for our application.
Step 1 -
1. First, we need to obtain the Client ID and the Client Secret from ‘Google Developer Console’, where we have created our application named ‘CalenderOperations’.
Step 2 -
1. Now we need to obtain an authorization code, which we will later exchange for the access token.
In our application, click on the Login button.
It loads a page with a button for ‘Google’ login. Click on that.
It will redirect our browser to the Google login page, where we need to enter our Google credentials.
At this point the URL would be
We will extract the URL elements and have a look.
In the above URL we make a GET request to the below URL
We pass the below parameters with that URL
- client_id – We obtained this on step 1.
- response_type – Pass the value ‘code’ for this parameter. This requests the authorization code.
- scope – Since we need to access calendar events from the Google Calendar API, we pass the ‘CalendarReadonly’ scope.
- redirect_uri – For this we use the localhost domain of our application ‘’
Now we get a window asking us to give the application ‘CalenderOperations’ permission to access our protected data from the Google Calendar API.
Now confirm the selection.
When you click on Allow, it will redirect to our localhost ‘http://localhost:60531/’.
Now we can extract the ‘Authorization Code’ from the redirected URI. We are ready to get the access token by exchanging this ‘Authorization Code’ with the Google authorization server.
Step 3 -
1. Now we obtain the access token. The ASP.NET server application sends the code obtained above, the client_id, the client_secret, the grant_type (whose value needs to be ‘authorization_code’) and the redirect_uri to the below URL and obtains the access token.
If you check the Google account, you will see that the ‘CalendarOperations’ application has access to read events from our Google Calendar.
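The Step 2 and Step 3 messages as code, an added example that is not part of the original post or the MyCalendar repository. The endpoint URLs and scope string are Google's documented values, assumed here because the post's own URLs are missing; the `state` parameter and the function names are additions for illustration, and all client values passed in are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values (Google's documented endpoints and scope; not taken from the post).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
SCOPE = "https://www.googleapis.com/auth/calendar.readonly"
REDIRECT_URI = "http://localhost:60531/"  # redirect target named in the post

def new_state():
    return secrets.token_urlsafe(32)  # unguessable; keep it in the user's session

def build_authorization_url(client_id, state):
    """Step 2: the GET request the browser is redirected to."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": SCOPE,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # addition: binds the callback to this browser session
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)

def extract_code(callback_url, expected_state):
    """End of Step 2: validate the redirect back to us and return the code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, rejecting callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, client_id, client_secret):
    """Step 3: form body the server POSTs to TOKEN_ENDPOINT, never via the browser."""
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": REDIRECT_URI,
    })
```

The client_secret appears only in the server-to-server token request, which is why the exchange in Step 3 is done by the ASP.NET server rather than the browser.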
Step 4 -
1. Now we pass the access token obtained above to the Google Calendar API and obtain the future events as below.
Thank you very much for taking the time to read this blog post! :)
Please find the GitHub repository for the application here:
https://github.com/Dhanushi12/MyCalendar.git
