From my client side, I have taken an authorization code using the google.accounts.oauth2.initCodeClient() with ux_mode set to popup. I would be passing the code to my server side so it could be the one making calls to the API. I'm trying to follow the following step provided by Google:
After your backend platform receives an authorization code from Google and verifies the request, use the auth code to obtain access and refresh tokens from Google to make API calls.
Follow the instructions starting at Step 5: Exchange authorization code for refresh and access tokens of the Using OAuth 2.0 for Web Server Applications guide.
But I have no idea how how to configure it.
class GoogleAuthorizationView(APIView):
def post(self, request):
authoriztion_code = request.data.get("authorization_code")
if authoriztion_code is None:
return Response(
{"error": "Please provide a valid authorization code"},
status=status.HTTP_400_BAD_REQUEST,
)
flow = Flow.from_client_secrets_file(
"path/to/client_secret.json",
scopes=[
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/user.birthday.read",
],
# I only added this because it's giving me error if not present.
redirect_uri="http://127.0.0.1:8000/google-authorize/",
)
flow.fetch_token(code=authoriztion_code)
credential = flow.credentials
print(credential)
This is my attempt to exchange my code to access token, but it's giving me (invalid_grant) Bad request. For context, I am using Django on my backend. What did I miss? Am I supposed to use Flow? I don't really need to redirect the user.
