Thanks to widespread API adoption, almost any system can now be integrated by consuming its published APIs. With APIs exposed, consuming applications can be more creative and build their own front ends with enhanced or targeted functionality. Imagine creating a custom application that can access all your files and photos stored in different cloud locations, sort them, rearrange them and create albums at the click of a button. Such an application is possible if every cloud location exposes the required data via APIs. Before it can access these files, the custom application needs to authenticate with the cloud locations. In this blog post I will uncover how to authenticate and access files within Google Drive. Based on my experience, I felt Google's documentation is more cryptic and difficult than that of some of the other providers. However, this post should help in setting up everything needed for Drive. There are two ways to authenticate with Google Drive:
- Authenticating via OAuth2 token
- Authenticating using JWT token
Authenticating via OAuth2
OAuth2 is a framework which delegates user authentication to the service that hosts the user accounts. In layman's terms: if I were to authenticate users on my own website, I would have to ask new users to create an account with me, maintain existing users in some database and build an authentication module. An easier option is to delegate the authentication to Google/Facebook/Twitter and avoid creating additional code and infrastructure. Once the user is authenticated via Google/Facebook/Twitter, I am provided a token and limited access to account information, which can be useful for populating user information within my site. For more information about the workings of OAuth2, I suggest reading https://oauth.net/2/
In order to use OAuth2, the client application needs to register itself with the provider that is going to authenticate the user. In our example, the client application is a Mule application and the provider is Google. This means that to use Google for authentication, I first have to register my application.
Step 1: Registering with provider
Navigate to https://console.developers.google.com and create a new project.
Once the project is created, click on Credentials on the left, click on the Create Credentials button (make sure you have selected the project you just created from the drop-down next to Google APIs) and select OAuth ID.
You will be asked to create a consent screen where you can specify the Application Name, Policy and Terms of Service URL.
After you have created the consent screen, you will be redirected back to the create OAuth client page, where you need to select the application type and enter the redirect URL. The redirect URL is where the user will be redirected once authentication is completed. Since I am running my application on my local machine, I have used http://localhost:8082/callback as the redirect URL.
Once you hit Create, you will be given a Client ID and Client Secret. Copy these, as we will need them while configuring our Mule application to perform OAuth2 authentication.
Step 2: Configure Mule application
Create a simple Mule application with an HTTP Listener listening on http://localhost:8081 and an HTTP Requester requesting Drive files.
On the Authentication tab, select OAuth2 – Authorization Code and provide the Client Id, Secret and other details for OAuth 2.
Note on Redirection URL and Local Authentication URL: You don't need to create flows for these separately; Mule automatically creates the listener for the host, port and path based on the values specified. If you already have a listener on the same port, the application will not start, as the port number needs to be unique.
The scopes specified in the OAuth2 configuration indicate which resources the client application gets access to. If you don't select the right scope, you may have trouble fetching the content. List of available scopes: https://developers.google.com/identity/protocols/googlescopes
Once the Mule application is running, if you navigate to http://localhost:8081/ you should get an error indicating that no token is available, which means the user was not authenticated.
In order to authenticate the user, navigate to http://localhost:8082/login (this is the same URL we specified while configuring OAuth2 in the HTTP Request Configuration).
Once the user logs in, Google will show another page asking the user's permission to grant MuleApplication access to files. The message you see here will differ based on the scopes specified while configuring OAuth2 on the HTTP Listener.
Once the ALLOW button is hit, the user should be navigated back to the callback URL.
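The exchange behind the /login and /callback steps above, written out as a generic OAuth2 authorization-code flow. This is an added example, not code from this post and not Mule's implementation; the function names, the placeholder client values and the drive.readonly scope are assumptions, and the Google endpoint URLs are not taken from this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Google's OAuth 2.0 endpoints (assumed here; the post configures them in Mule's UI).
AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_URL = "https://oauth2.googleapis.com/token"
REDIRECT_URI = "http://localhost:8082/callback"  # must equal the registered redirect URL
SCOPE = "https://www.googleapis.com/auth/drive.readonly"  # assumed scope


def build_login_redirect(client_id):
    """What /login does: send the browser to Google with a fresh, unguessable state."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def handle_callback(callback_url, expected_state, client_id, client_secret):
    """What /callback does: validate the response, then build the token request."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if "error" in params:  # e.g. access_denied when the user declines consent
        raise PermissionError(params["error"])
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError("missing authorization code")
    # Form body POSTed server-side to TOKEN_URL; the secret never reaches the browser.
    return {
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "client_secret": client_secret,
    }


if __name__ == "__main__":
    # Constructed values for illustration only.
    url, state = build_login_redirect("PLACEHOLDER_CLIENT_ID")
    print(url)
    print(handle_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}",
                          state, "PLACEHOLDER_CLIENT_ID", "PLACEHOLDER_SECRET"))
```

The access token returned by the token endpoint is what the HTTP Requester then sends to Drive as an `Authorization: Bearer` header.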
Now go back and try to access the Mule API URL http://localhost:8081/ again, and you will notice that you still cannot access the files from Drive. However, you will now get a different error indicating 403.
So what was missed? Switching on DEBUG logs will indicate that no APIs were enabled on Drive. To fix this, head back to the API Dashboard (https://console.developers.google.com), click on “ENABLE APIS AND SERVICES”, search for drive, select Google Drive API and hit ENABLE.
Once the above step is completed, go back to the Mule application URL (http://localhost:8081/) and you should now see that the Mule application was able to authenticate with Google Drive and pull files.
NOTE: You can only get files which are owned by the account you used to authenticate with Google Drive.
References:
Drive Authorization: https://developers.google.com/drive/api/v2/about-auth
Scopes: https://developers.google.com/identity/protocols/googlescopes#drivev3