Tag Archives | oAuth

PowerShell 3: Using Invoke-RestMethod to refresh a new oAuth 2 token

I wanted to translate this code into powershell. Below is the Powershell code to request a refresh token from Google using oAtuh 2.

$CLEINTID="1234567890.apps.googleusercontent.com"
$CLIENTSECRET="aBcDeFgHiJkLmNoPqRsTuVwXyZ"
$REFRESHTOKEN="1/551G1yXUqgkDGnkfFk6ZbjMLMDIMxo3JFc8lY8CAR-Q"

$URL = "https://accounts.google.com/o/oauth2/token"
$Body= 'client_secret={0}&grant_type=refresh_token&refresh_token={1}&client_id={2}' -f $CLIENTSECRET,$REFRESH_TOKEN,$CLEINTID
Invoke-RestMethod -URI $URL -Method Post -Body $Body

Hope that helps someone.

Using cURL, BASH and Google oAuth to access Google Analytics

In this previous post, I used cURL (the command line version) to interact with Google Analytics. I wanted to do the same thing but using oAuth. I took a lot from this page, but there were a few things that I couldn’t get working, and a few things I didn’t know.

Follow Steps 1-6 on this page. These are steps that you need to follow to get your app registered with Google

In step 6, copy down the code, and keep track of it. It needs to be reused every time you need to get a new token. If you loose it, then you need to run step 6 over again. I didn’t know that.

Here is my script. I will jump through the code below it.

#!/bin/bash
CODE="4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&amp"
CLEINTID="1234567890.apps.googleusercontent.com"
HEADER="Content-Type: application/x-www-form-urlencoded"
CLIENTSECRET="aBcDeFgHiJkLmNoPqRsTuVwXyZ"
REDIRECTURI="urn:ietf:wg:oauth:2.0:oob"

# I keep the ACCESS_TOKEN and the REFRESH_TOKEN in a file.
if [ -s ~/.google ];then
	ACCESS_TOKEN=$(cat ~/.gauth | grep access_token | awk -F"," '{print $2}' | tr -d ' ')
	REFRESH_TOKEN=$(cat ~/.gauth | grep refresh_token | awk -F"," '{print $2}' | tr -d ' ')
else
	# not used before
	NEWTOKEN=$(curl -s -d "code=$CODE&redirect_uri=$REDIRECTURI&client_id=$CLEINTID&scope=&client_secret=$CLIENTSECRET&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token)
	ACCESS_TOKEN=$(echo $NEWTOKEN | awk -F"," '{print $1}' | awk -F":" '{print $2}' | sed s/\"//g | tr -d ' ')
	REFRESH_TOKEN=$(echo $NEWTOKEN | awk -F"," '{print $4}' | awk -F":" '{print $2}' | sed s/\"//g | sed s/}// | tr -d ' ')
	echo access_token , $ACCESS_TOKEN > .google
	echo refresh_token , $REFRESH_TOKEN >> .google
fi
EXPIRED=$(curl -s https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$ACCESS_TOKEN | grep 'invalid_token')
if [ "$EXPIRED" ]       
then
	echo "EXPIRED"
	REFRESHRETURN=$(curl -s -d "client_secret=$CLIENTSECRET&grant_type=refresh_token&refresh_token=$REFRESH_TOKEN&client_id=$CLEINTID" https://accounts.google.com/o/oauth2/token)
	ACCESS_TOKEN=$(echo $REFRESHRETURN | awk -F"," '{print $1}' | awk -F":" '{print $2}' | sed s/\"//g | tr -d ' ')
	echo access_token , $ACCESS_TOKEN > .gauth
	echo refresh_token , $REFRESH_TOKEN >> .gauth
fi 
AUTH=$ACCESS_TOKEN
# now in your curl code to retrieve the google analytics data, you use --header "Authorization: OAuth $AUTH"

Lines 1-6: I am setting up my variables with data as described in the linked post.
Lines 8-11: I keep track of the current access token and the refresh token in a config file. If the file exists then parse out the values
Lines 12-19: This is the first time this has been run, so I need to create the file, and put in it a new token and the refresh token. Note the refresh token needs to be saved, and is only given to you once. I did not know that.
Line 20: checks to see if the access token is expired.
Lines 21-28: if the access token is expired, use the refresh token to get a new access token and then save it to the file.

That is it. I hope to translate into PowerShell next – I am sure this code exists, but this is how I learn.

Hope this helps someone.