I write a ton of system software and tools. I’ve written a few independent tools against the Google APIs. They use OAuth, as most reputable APIs do.
Unfortunately, manually integrating the authentication flow in your system (read: headless, non-interactive) tools is painful after doing it a couple of times and is at least as painful for your users to deal with, especially when they have to log-in to a system that they do not usually have to touch just to periodically debug authentication.
The normal flow:
- Developer: Request a URL from the Google client-tools.
- Developer: Present the URL to the user and have them open it in a browser.
- User: Logs-in.
- User: Acknowledge that the tool will be able to access user’s data.
- Google: Authorization portal provides a code/token.
- User: Provides the code to the tool at the command-line.
- Developer: Does a final authorization with Google using the token.
With some mild wizardry in our Python tools, we can reduce this down to two basic steps:
- Developer: Initialize the auto-authentication framework with Google application-identity information at program-load.
- User: Call the tool and authenticate and authorize when prompted.
The tool will automatically launch a webserver on an open port, open the default browser with the Google login and authorization prompt, and then write the authorization to disk.
In the event that you want or need to do things manually, a generic tool is provided that can produce URLs and accept authorization codes.
For more information, see python-googleautoauth.