Provided by: liblwp-authen-oauth2-perl_0.19-1_all 
NAME
LWP::Authen::OAuth2::ServiceProvider::Google - Google OAuth2
VERSION
version 0.19
SYNOPSIS
See LWP::Authen::OAuth2 for basic usage. The one general note is that "scope" is "scope"
is optional in the specification, but required for Google. Beyond that Google supports
many client types, and their behavior varies widely.
See <https://developers.google.com/accounts/docs/OAuth2> for Google's own documentation.
The documentation here is a Cliff Notes version of that, so look there for any necessary
clarification.
REGISTERING
Before you can use OAuth 2 with Google you need to register yourself as a client. For
that, go to <https://code.google.com/apis/console>. Follow their directions to create a
project, choose your "flow" (which is called your "client_type" in this document - look
ahead for advice on available types), and then you'll be given a "client_id" and
"client_secret". If you're in the Login, WebServer or Client client types you'll also
need to register a "redirect_uri" with them, which will need to be an "https://..." URL
under your control.
At that point you have all of the facts that you need to use this module. Be sure to keep
your "client_secret" secret - if someone else gets it and starts abusing it, Google
reserves the right to block you.
This module only handles the authorization step, after which it is up to you to figure out
how to use whatever API you want to access.
CLIENT TYPES
Google offers many client types. Here is the status of each one in this module:
Login
This is for applications that want to let Google manage their logins. See
<https://developers.google.com/accounts/docs/OAuth2Login> for Google's documentation.
This is not yet supported, and would require the use of JSON Web Tokens to support.
Web Server Application
This is intended for applications running on web servers, with the user sitting behind
a browser interacting with you. See
<https://developers.google.com/accounts/docs/OAuth2WebServer> for Google's
documentation.
It can be specified in the constructor with:
client_type => "web server",
however that is not necessary since it is also the assumed default if no client_type
is specified.
After registering yourself as a client with Google, you will need to specify the
"redirect_uri" as an https URL under your control. If you just need this for one or
two accounts there is no need to actually build anything at that URL - just go through
the authorization as those accounts and grab your "code" from the URL. If you will
support many, making that URL useful is your responsibility.
With this client type you are not guaranteed a refresh token, so the constructor does
not require "client_id" and "client_secret". (Passing them there is still likely to
be convenient for you.) However there are several optional arguments available to
"$oauth2->authorization_url(...)" that are worth taking note of:
"access_type"
Pass "access_type => "offline"," to "$oauth2-"request_tokens(...)> to request
offline access. This means that you get a "refresh_token" which can be used to
refresh the access token without help from the user. The intent of this option is
to support things like software that delays posting a blog entry until a
particular time.
In light testing this did not work for me until I passed the next argument, but
then it worked perfectly.
"approval_prompt"
Pass "approval_prompt => "force"," to "$oauth2-"request_tokens(...)> to force the
user to see the approval screen. The default behavior without this is that the
user sees the approval screen the first time through, and on subsequent times just
gets an immediate redirect.
"login_hint"
If you think you know who the user is, you can pass an email in this parameter to
let Google know which account you are trying to access. Google thinks this may be
helpful if someone is logged into multiple accounts at the same time.
Client-side Application
This client type is only for JavaScript applications. See
<https://developers.google.com/accounts/docs/OAuth2UserAgent> for Google's
documentation.
This is not supported since Perl is not JavaScript.
Installed Application
This client type is for applications that run on the user's machine, which can control
a browser. See <https://developers.google.com/accounts/docs/OAuth2InstalledApp> for
Google's documentation.
It can be specified in the constructor with:
client_type => "installed",
On the first time it is the client's responsibility to open a browser and send the
user to "$oauth2-"authorization_url(...)>. If you pass in "redirect_uri =>
"http://localhost:$port"," then your application is expected to be listening on that
port. If you instead pass in "redirect_uri => "urn:ietf:wg:oauth:2.0:oob"," then the
code you need will be in the "title" inside of the page the browser is redirected to,
and you'll need to grab it from there.
The returned tokens always give you a refresh token, so you only have to go through
this once per user.
The only special authorization argument is "login_hint", which means the same thing
that it does for webserver applications.
Devices
This client_type is for applications that run on the user's machine, which do not
control a browser. See <https://developers.google.com/accounts/docs/OAuth2ForDevices>
for Google's documentation.
This client_type is not supported because I have not yet thought through how to handle
the required polling step of setting up permissions.
Service Account
This client_type is for applications that login to the developer's account using the
developer's credentials. See
<https://developers.google.com/accounts/docs/OAuth2ServiceAccount> for Google's
documentation.
This is not yet supported, and would require the use of JSON Web Tokens to support.
AUTHORS
• Ben Tilly, <btilly at gmail.com>
• Thomas Klausner <domm@plix.at>
COPYRIGHT AND LICENSE
This software is copyright (c) 2013 - 2022 by Ben Tilly, Rent.com, Thomas Klausner.
This is free software; you can redistribute it and/or modify it under the same terms as
the Perl 5 programming language system itself.
perl v5.34.0 2022LWP::Authen::OAuth2::ServiceProvider::Google(3pm)