Authentication: OAuth2

OAuth2

These are instructions to complete authentication using OAuth2.

Note

This works, but it’s cumbersome because it’s only partially implemented. Consider using a service account instead.

Requirements

  1. You must have a Google account (e.g., Gmail address) that is authorized make API calls through the project that is defined by the GOOGLE_CLOUD_PROJECT environment variable.

  2. You must be added to the list of authorized test users, and obtain the client ID and client secret. Contact us. (This is a Google requirement for apps in dev.)

  3. You will have to re-authenticate every time you instantiate a new auth or client object.

Authentication Workflow

  1. Set environment variables named PITTGOOGLE_OAUTH_CLIENT_ID and PITTGOOGLE_OAUTH_CLIENT_SECRET to values obtained from Pitt-Google broker.

  2. Make an API call.

  3. The process will hang and ask you to visit a URL to complete authentication. Follow the instructions.

  4. Log in with the Google account attached to your project.

  5. Authorize the Pitt-Google app to make API calls on your behalf. This only needs to be done once for each API access scope (e.g., Pub/Sub, BigQuery, and Logging).

  6. Respond to the prompt on the command line by entering the full URL of the webpage you are redirected to after completing the above.