Sign In With Google & Get User Info from Google+ Profile
At the start, authentication options for our site Burp (http://goburp.com) include regular email/password & Facebook Connect. For quite a while, I’ve been wanting to integrate Google Accounts Authentication.
I’ve looked at django-socialauth (http://social.matiasaguirre.net/) but it uses OpenID. I prefer a pure OAuth2 implementation similar to what Facebook & FourSquare uses.
Looking at Google’s documentation, it’s not easy to figure out. The Federated Login (http://code.google.com/apis/accounts/docs/OpenID.html) is just a pain to implement.
Google recently streamlined their API & they have libraries for every major programming language. Implementation is too complex though which includes a separate model to store credentials (see http://code.google.com/p/google-api-python-client/source/browse/oauth2client/django_orm.py).
OAuth2 implementation by FourSquare & Facebook is so simple that there must be a way to do that with Google: Get an authorization url, Get a code back & Exchange that for an access token. Then use that access token to access the API. Google has documentation for OAuth2 but it actually lacks information on how to get a user’s email address (http://code.google.com/apis/accounts/docs/OAuth2.html).
After scouring the internets, I finally stumbled into a PHP implementation. It has the scope (https://www.googleapis.com/auth/userinfo#email) that I’ve been looking for which is missing from Google’s documentation (http://code.google.com/apis/gdata/faq.html#AuthScopes). The OAuth2 steps are pretty standard except that the access token can be added to the header of the request instead of as a parameter in the url (http://code.google.com/apis/accounts/docs/OAuth2.html#CallingAnAPI).
This, however, only gets me the email address of the user. I also want to get the user’s name, location, gender, etc.
Luckily, Google just opened up an API for Google+.
By adding the scope – https://www.googleapis.com/auth/plus.me – to the OAuth2 call, our app will have access to the public info the user provided in their Google+ Profile. The People:get method (http://developers.google.com/+/api/latest/people/get) will provide you with the user’s Display Name, Location, and Profile Picture Url among others.
You can view the sample Django project at https://github.com/dannyroa/sign-in-with-google.