Google Apps Platform

Using 2-legged OAuth with Google Tasks API for Google Apps domain administrators

[# Enabling tabs] [define tabs_selector].code_list[end] [include "/apis/_tabs.ezt"] [# Some custom styles]

Nicolas Garnier
Nicolas Garnier profile | twitter
Google Developer Relations
June 2011

This article explains how you can use 2-legged OAuth 1.0 (2-LO) with the Google Tasks API if you are a Google Apps domain administrator.

Note: If you are a Google Apps marketplace vendor/developer looking for how to use 2-LO on your marketplace application please read the article Using 2-legged OAuth with Google Tasks API for Google Apps Marketplace applications instead.

Contents

Manage your 2-legged OAuth token in the cPanel

Note: The help article OAuth: Managing API client access is a good resource to help understand this section further.

As a Google Apps domain admin for Business or Education edition, you need to change a few things in your OAuth Consumer Key and Secret configuration. First, go to your OAuth domain key management page: Google Apps cPanel > Advanced tools > Manage OAuth domain key

Verify the following settings are correct:

  • Check the box saying Enable this consumer key
  • Uncheck the box saying Allow access to all APIs

Unchecking the option to allow access to all APIs may sound counterintuitive. We uncheck it here because this setting only gives you access to a specific set of our APIs. Leaving the option checked prevents you from granting your token access to some APIs including the Tasks API.

Setting up the domain OAuth consumer key and secret
Setting up the domain OAuth consumer key and secret

Then, specify which APIs you want your domain OAuth key and secret to have access to. To do this, go to: Google Apps cPanel > Advanced tools > Manage third party OAuth Client access

There, you need to list all the scopes to which your domain OAuth token needs access. In order to set this up do:

  1. In the Client Name field enter your domain name.
  2. In the One or More API Scopes box, enter all the scopes of the APIs you want your token to have access to separated by commas (scopes can usually be found in the authorization section of the Developer's Guide for each API). For example, to give your token access to the Google Calendar API and the Google Tasks API enter the following scopes: https://www.googleapis.com/auth/calendar/, https://www.googleapis.com/auth/tasks
  3. Click the Authorize button. If you entered your scopes correctly, they should appear in the list below next to your domain name with the name of the product associated to the scope.
Adding scopes to the domain OAuth consumer key and secret
Adding scopes to the domain OAuth consumer key and secret

Please keep your consumer key and your consumer secret. You will need them later (Section Using the client libraries).

Get your API key from the APIs Console

You also need the API Key from a project registered on the APIs Console. The API Key allows Google to know which project to deduct quota from, how to handle user-specific quota etc... To get this go to the API Access page of your APIs Console's project: Google APIs Console > API Access > Simple API Access

On the simple API Access page copy the API key. You will need it later (Section Using the client libraries).

Getting the API key of a project on the APIs Console
Getting the API key of a project on the APIs Console

You might have to create a project if you haven't done so already. Then enable access to the Tasks API for your project by simply toggling the On/Off Tasks API switch to "On" in the All Services page.

Enabling the Google Tasks API for a project in the APIs Console
Enabling the Google Tasks API for a project in the APIs Console

Using the client libraries

Below are some very basic code samples using our Tasks API client libraries for multiple languages. These code samples show you in Java and Python how to authenticate to the service using 2-LO and run a basic query.

You should now have these four values that are required to authenticate using 2-LO on the Tasks API:

Code samples:

Python

# Initializing some objects
http = httplib2.Http()

# The 2-LO authorization section
credentials = TwoLeggedOAuthCredentials(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, '2-lo-python-sample/1.0')
http = credentials.authorize(http)
credentials.requestor = ACCOUNT_EMAIL

# Initializing the Tasks API service
service = build('tasks', 'v1', http=http, developerKey=API_KEY_FROM_APIS_CONSOLE)

# Performing first request: Getting the tasks lists
tasklists = service.tasklists().list().execute()

# Simply printing the title of each tasks lists
for tasklist in tasklists['items']:
  print tasklist['title']
    

Java

// Initializing some Objects
HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();

// The 2-LO authorization section
OAuthHmacSigner signer = new OAuthHmacSigner();
signer.clientSharedSecret = OAUTH_CONSUMER_SECRET;

OAuthParameters oauthParameters = new OAuthParameters();
oauthParameters.version = "1";
oauthParameters.consumerKey = OAUTH_CONSUMER_KEY;
oauthParameters.signer = signer;
oauthParameters.signRequestsUsingAuthorizationHeader(httpTransport);

// Initializing the Tasks API service
Tasks service = new Tasks("2-lo-tasks-test/1.0", httpTransport, jsonFactory);
service.accessKey = API_KEY_FROM_APIS_CONSOLE;

// Performing first request: Getting the tasks lists
List getTaskListsOperation = service.tasklists.list();
getTaskListsOperation.unknownFields.add("xoauth_requestor_id", ACCOUNT_EMAIL);
TaskLists taskLists = getTaskListsOperation.execute();

// Simply printing the title of each tasks lists
for (TaskList taskList : taskLists.items) {
  System.out.println(taskList.title);
}
    

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.