@mahemoff
Last active August 6, 2018 09:58
Verifying Google OAuth auth code on the back-end

This is the "missing Ruby example" for the ID flow example at https://developers.google.com/identity/sign-in/web/server-side-flow.

It's easy enough to get an auth code like "4/BlahBlahBlah...", but I couldn't find any working examples on how to exchange it for the access code and encoded ID.

To use this, you need to access Google's API console, and under "credentials" establish a client ID and secret, which should go in your environment. (Most examples will use the "secrets.json" file, but I don't want to keep a separate config file for every platform, so it's better to put them in something like Rails' secrets.yml or Figaro.)

The auth_code is obtained from your web or native client using Google's front-end libraries. The client posts it to your own back-end, which does the exchange and verifies+stores the result. Note the redirect URI must be configured in Google's "credentials" console, otherwise the call will fail (even though it serves no purpose in this context; it's only needed for a non-JavaScript web app).

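```ruby
require 'net/http'
require 'json'

class GoogleOAuth
  # example code: 4/BlahBlah... (112 chars)
  def self.exchange_auth_code(auth_code)
    result = Net::HTTP.post_form(
      URI('https://www.googleapis.com/oauth2/v4/token'),
      code: auth_code,
      client_id: ENV['GOOGLE_CLIENT_ID'],
      client_secret: ENV['GOOGLE_CLIENT_SECRET'],
      grant_type: 'authorization_code',
      redirect_uri: 'http://localhost:3000' # must match a URI registered in the credentials console
    )
    # Net::HTTPResponse#code is a String ("200"), so compare against a string
    if result.code == '200'
      Rails.logger.info "OAuth auth code succeeded"
      # The body is JSON holding the tokens; return it parsed and keep it out of logs
      JSON.parse(result.body)
    else
      Rails.logger.info "OAuth auth code failed #{result.code}\n#{result.body}"
      nil
    end
  end
end
```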
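The "verifies" half of the flow described above, as an added example that is not part of the original gist: claim checks on the `id_token` field of the token response before anything is stored. The module name `IdTokenClaims`, the helper `sample_id_token` and the sample values are hypothetical. It assumes the token came straight from Google's token endpoint over TLS in the exchange above, so only the claims are checked; an ID token received any other way also needs its signature verified against Google's published keys.

```ruby
require 'base64'
require 'json'

# Added example (not from the gist). Checks issuer, audience, expiry and
# subject of an ID token; does NOT verify the signature (see assumption above).
module IdTokenClaims
  GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'].freeze
  class Invalid < StandardError; end

  # client_id is your own OAuth client ID; now/leeway are in seconds and
  # injectable so the check can be tested with a fixed clock.
  def self.verify(id_token, client_id:, now: Time.now.to_i, leeway: 60)
    segments = id_token.to_s.split('.')
    raise Invalid, 'not a three-part JWT' unless segments.length == 3

    claims = decode_segment(segments[1])
    raise Invalid, 'unexpected issuer' unless GOOGLE_ISSUERS.include?(claims['iss'])
    raise Invalid, 'audience mismatch' unless Array(claims['aud']).include?(client_id)
    raise Invalid, 'token expired' unless claims['exp'].is_a?(Integer) && claims['exp'] + leeway > now
    raise Invalid, 'missing subject' if claims['sub'].to_s.empty?
    claims
  end

  # JWT segments are unpadded URL-safe base64; restore padding before decoding.
  def self.decode_segment(segment)
    padded = segment + '=' * ((4 - segment.length % 4) % 4)
    parsed = JSON.parse(Base64.urlsafe_decode64(padded))
    raise Invalid, 'payload is not a JSON object' unless parsed.is_a?(Hash)
    parsed
  rescue ArgumentError, JSON::ParserError
    raise Invalid, 'malformed payload'
  end
end

# Constructed sample token with a placeholder signature, for demonstration only.
def sample_id_token(claims)
  enc = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj), padding: false) }
  [enc.call('alg' => 'RS256'), enc.call(claims), 'c2ln'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  cid = 'example-client-id.apps.googleusercontent.com' # constructed value
  token = sample_id_token('iss' => 'accounts.google.com', 'aud' => cid,
                          'sub' => '1234567890', 'exp' => Time.now.to_i + 300)
  puts IdTokenClaims.verify(token, client_id: cid)['sub']
end
```

Key the stored user record on the returned `sub` claim, and pass `ENV['GOOGLE_CLIENT_ID']` as `client_id` so a token issued to a different application is rejected.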