Skip to content

OAuth for Google Data API – not that easy to implement

Google are fantastic at building APIs, but their authentication mechanisms (while I’m sure are very secure) are not always the easiest thing to implement.

I’m working with the Google Data APIs at the moment for my project, for which an app needs access to google accounts, cue OAuth.

Anyone who doesn’t agree it is difficult to use need look no further than the exceptions you can expect if something goes wrong:

Yay! There’s no short-cut either. One thing to be thankful for is the fact that the ClientLogin authentication mechanism (really only meant for installed apps) can be implemented in two lines of code and provides a great way of testing web apps in the development phase. Unfortunately eventually you’ll have to implement OAuth if you want a properly secure web app for your users.

I will try and post some advice to others that need to implement OAuth once I figure it out. Even Google themselves admit in the documentation it is not the easiest of things to use, which does speak volumes. Supposedly however it helps make your apps authentication extensible if using other providers web services, although I’ve yet to check how many other web service providers use OAuth.

Leave a Reply