Google API OAuth -- access token in hash fragment

jsloat · October 13, 2020, 10:57pm

I’m trying to set up Gmail OAuth in Scriptable, I got the initial auth to work using https://open.scriptable.app as the redirect URI. But it seems like Google returns the temporary access token in the hash fragment of the URL rather than a query parameter, as shown in their documentation example:

An access token response:
https://oauth2.example.com/callback#access_token=4/P7q7W91&token_type=Bearer&expires_in=3600

In Simon’s example for Slack OAuth, it seems like their API returns it as a query parameter.

The issue is that I can’t think of a way to access this portion of the URL that opens Scriptable – in the example above, args.queryParameters contains the token, but there’s no way I can find to access the full URL or hash fragment.

Has this been solved by anyone, or is there a workaround I’m missing?

Edit: I may be using the wrong grant type, I’ll follow up tomorrow.

jubi · October 14, 2020, 4:33am

I wrote an article about this recently. I hope
It helps you! https://www.artisanalsoftware.com/articles/a-hobbyist-s-google-api/

jsloat · October 14, 2020, 8:36am

Great post, thanks for sharing! I finally figured out how to get my script working – I needed to set response_type to code, not token. And I got this working with Scriptable with Web Application type credentials, not Desktop as you suggest in your post.

jubi · October 14, 2020, 1:42pm

And you got a refresh token that way? For some reason I didn’t think that worked!

jsloat · October 14, 2020, 2:44pm

Yep! Had to specify access_type: 'offline' to get the refresh token. And since I had already authorized the scope I had to force consent prompt again with prompt: 'consent' (since refresh token is only granted at the time of scope authorization)

jubi · October 14, 2020, 4:27pm

Ah I see I guess that extra offline param is the difference.