OAuth is a protocol for authorization. It allows desktop, mobile and web applications to access web resources (mostly REST services) on behalf of a user. The protocol permits this without the user having to share their credentials (typically, a username and password pair) with the application. OAuth is a widely implemented protocol.
If you want to use services offered by Google, i.e. get access to its APIs, you will need to obtain a token using OAuth 2.0. Google uses this protocol to protect its APIs. In this article I will explain how to use Google OAuth 2.0 in a Windows Phone 8 application.
Step 1: Register your application in Google Developers Console
To start out, the developer must register an application through the Google APIs Console. Once you have your application registered, Google provides you with a Client ID, a Client Secret and redirect URIs, which we will use to get the user's permission to use their account information.
First, click the Create Project button and add a new project by giving it a name.
Now configure the Consent screen using the dashboard. Remember to fill in all the required details.
Note: Don’t forget to enter an Email address here. Not doing so will result in an error 401.
Next, go to the Credentials tab under APIs & auth and create a new Client ID. Choose Other under Installed application.
Finally, you will be able to see your Client ID, Client Secret and Redirect URIs. We will need these things while developing the app.
Before we jump into building the application, let’s have a look at the sequence diagram for the OAuth authentication. You can see that:
- The application first sends a request for a token
- The user then logs in and consents to provide the requested information
- Google's OAuth 2.0 authorization server returns a code to the application
- The application exchanges the code for an access token
- Now the application can call the APIs of that service with the token.
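The flow listed above, as an added C# example that is not part of the article's sample project or of Pieter De Rycke's framework. The class name, the placeholder credentials, the `http://localhost/callback` redirect and the `state` check are assumptions made for illustration; the endpoints are Google's published OAuth 2.0 endpoints.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration; OAuthFlowSketch is a hypothetical name, not the article's code.
public static class OAuthFlowSketch
{
    const string AuthEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
    public const string TokenEndpoint = "https://oauth2.googleapis.com/token";

    static string Encode(Dictionary<string, string> pairs)
    {
        return string.Join("&", pairs.Select(p =>
            Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)).ToArray());
    }

    // Request step: the URL the login page's browser control is pointed at.
    public static string BuildAuthorizationUrl(string clientId, string redirectUri, string scope, string state)
    {
        return AuthEndpoint + "?" + Encode(new Dictionary<string, string> {
            { "response_type", "code" }, { "client_id", clientId },
            { "redirect_uri", redirectUri }, { "scope", scope }, { "state", state } });
    }

    // Code step: read the redirect, rejecting error responses and a state mismatch.
    // A parameter repeated in the query makes ToDictionary throw.
    public static string ExtractCode(string redirectUrl, string expectedState)
    {
        var values = new Uri(redirectUrl).Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .ToDictionary(kv => Uri.UnescapeDataString(kv[0]),
                          kv => kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "");
        string error, state, code;
        if (values.TryGetValue("error", out error))
            throw new InvalidOperationException("Authorization failed: " + error);
        if (!values.TryGetValue("state", out state) || state != expectedState)
            throw new InvalidOperationException("State mismatch; response discarded");
        if (!values.TryGetValue("code", out code) || code.Length == 0)
            throw new InvalidOperationException("No authorization code in redirect");
        return code;
    }

    // Exchange step: form body to POST to TokenEndpoint for the access and refresh tokens.
    public static string BuildTokenRequestBody(string code, string clientId, string clientSecret, string redirectUri)
    {
        return Encode(new Dictionary<string, string> {
            { "grant_type", "authorization_code" }, { "code", code }, { "client_id", clientId },
            { "client_secret", clientSecret }, { "redirect_uri", redirectUri } });
    }
}
```

Generate `state` with a cryptographic random generator for each login attempt and keep it until the redirect arrives; `ExtractCode` would be called from the browser control's navigation handler with the URL of the redirect.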
Step 2: Get the app ready for OAuth authentication
Before you implement Google’s OAuth in your application, you need to install a framework for JSON and another for OAuth.
Get the JSON.NET framework using the NuGet package manager for Visual Studio. If you need help installing NuGet packages, refer to this tutorial.
Next, we are going to use an awesome framework from Pieter De Rycke for OAuth. You can get its source code on GitHub.
Otherwise just download the sample project attached with this tutorial and include the required files in your project.
Overview of the files included in this step:
In all, we have added 5 files to our project. Here’s what each of them does.
It contains the request URLs for the various services that Google provides. Before using any of the services, check that its API is enabled for your application in Google’s Developer Console. In this example we are using UserInfoEmail to request the user’s email id.
HttpWebRequest in the Windows Phone 8 SDK is somewhat incomplete compared to its counterpart on Windows 8, since it isn’t implemented using async and await. These extensions wrap it so that it can be used with async and await.
LoginPage.xaml and LoginPage.xaml.cs
This page contains a Web Browser control for user login and consent. The code behind handles the authorization and navigates back to the requesting page once the access token is received successfully.
This file handles the whole authorization process. This should work with other OAuth providers as well. Using the client id and the client secret, the OAuthAuthorization class will call a Google REST API to exchange the authorization code for an access token and a refresh token.
This file simply contains a class which stores the token after parsing the JSON response.
Step 3: Using the OAuth implementation
It’s quite easy to use the OAuth framework’s implementation in your application.
When the page loads, we check if the user is logged in and then create an instance of OAuthAuthorization. Next, the TokenPair class uses this instance of OAuthAuthorization to construct a request. Remember to replace the strings in the function call with your Client ID and Client Secret. The last parameter contains a comma-separated list of services for which you are requesting a token. Finally, request a new access token using the refresh token.
Note: Remember to use try catch for exceptions resulting from alternative flows.
That’s it. Try running the app in the emulator and you will probably see this,
We are attaching the full project source code with this article. Download and use it as a reference. Remember to use your Client ID and Client Secret before deploying it.