Skip to content

#95_Fetching_GoogleFit_Data

Jump to bottom
Shane edited this page Apr 25, 2019 · 1 revision

Spike #95 - Fetching Data from Google Fit Cloud

Shane Vincent - 25/04/2019

Goals / Deliverables

Find a method of gathering data from Google Fit's Cloud servers. This problem can be broken down into multiple smaller ones:

  • How to access Google Fit's API
  • How to authenticate with user's access credentials
  • How to access user's Google Fit data

Technologies, Tools and Resources Used

What we found out

Setting up Google Fit's API

Requirements

We must have a Google account for the development. Ensure that you are logged in with that account when doing the following steps. If you do not have one, go here and sign up. We must know the URL that our REST API requests will be coming from.

We must request an OAuth 2.0 client ID to access Google Fit's API:

  • Go to the Google API Console
  • Select 'Create a project' for the first selection, agree to the terms and conditions and click to continue.
  • Click to Continue.
  • Click to Go to credentials.
  • Click on the left-hand Credentials tab.
  • Go to the OAuth Consent Screen and configure the app's name, logo and email.
  • Click on the top Credentials tab and click Create Credentials, select OAuth client ID.
  • Select Web application. Enter a name for the OAuth Client ID.
  • In Authorized JavaScript origins, we must enter the URL that the REST API requests will be coming from.
  • In Authorized redirect URI, we must enter the URL where responses will be handled.
  • Click Create. The OAuth client ID and client secret will be displayed. Save these details for later.

Authorization from users

  • While you are logged in with your developer Google, go to here
  • Follow the steps to Activate your API. (I have already created an account, so for the purposes of this project we could possibly all use my account)
  • Click on the Library tab on the left. Ensure that your project is selected in the top left (next to 'Google APIs' banner) and search for 'Fitness'
  • Click on the Fitness API and ensure that it says 'API Enabled'
  • Identify which scopes will need to be accessed. The scopes can be found here

Call to Google's OAuth2.0 server for authorization code

Below is sample code of an authorization call. This must be in a window that redirects to this site that the user can agree to in order to provide authorization. Information on the parameters passed in is below the sample code.

		https://accounts.google.com/o/oauth2/v2/auth?
		scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&
		access_type=offline&
		state=state_parameter_passthrough_value&
		redirect_uri=http%3A%2F%2Foauth2.example.com%2Fcallback&
		response_type=code&
		client_id=client_id

Below is information on how to setup the passed in parameters. Any parameters in bold are mandatory.

  • client-id : The Client ID of our application (given in the Setting Up Google's API section in this document)

  • redirect-url : Determines where the API server redirects the user after the user completes the authorization flow. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in the API Console. If this value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' error. Note that the http or https scheme, case, and trailing slash ('/') must all match.

  • scope : A space-delimited list of scopes that identify the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user.

  • access-type : Indicates whether your application can refresh access tokens when the user is not present at the browser. Valid parameter values are online, which is the default value, and offline. Set the value to offline if your application needs to refresh access tokens when the user is not present at the browser. This is the method of refreshing access tokens described later in this document. This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens

  • state : Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server returns the exact value that you send as a name=value pair in the hash (#) fragment of the redirect_uri after the user consents to or denies your application's access request.

The above parameters are the only ones relevant to our project, though there are more parameters available. See here for more information.

Response from request for authorization code

The response from the OAuth2.0 server will be sent to the URL that you setup in the Setting up Google Fit's API section above (Authorized redirect URI). The response will look like one of the below:

Error response: https://oauth2.example.com/auth?error=access_denied

Authorization response: https://oauth2.example.com/auth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7

Exchanging the authorization code for Refresh and Access Tokens

In order to exchange the code for access tokens, you will need to call the following endpoint:

https://www.googleapis.com/oauth2/v4/token

Use the parameters below to pass through the required information. All parameters are mandatory.

  • code : The authorization code (eg. 4/P7q7W91a-oMsCeLvIaQm6bTrgtp7 from the example above)

  • client_id : Client ID obtained from the API console

  • client_secret : Client secret obtained from the API console (when we set it up earlier in this process)

  • redirect_uri : Must be one of the redirect URIs listed when we setup our project in the API console

  • grant_type : As defined in the OAuth2.0 spec, this field must always contain a value of authorization_code

See below for a sample request:

		POST /oauth2/v4/token HTTP/1.1
		Host: www.googleapis.com
		Content-Type: application/x-www-form-urlencoded

		code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
		client_id=your_client_id&
		client_secret=your_client_secret&
		redirect_uri=https://oauth2.example.com/code&
		grant_type=authorization_code

Response from request of access and refresh tokens

Google responds to this request by returning a JSON object that contains a short-lived access token and a refresh token. Note that the refresh token is only returned if your application set the access_type parameter to offline in the initial request to Google's authorization server.

The response will contain the following fields:

  • access_token : The token that our app sends to authorize a Google API request

  • refresh_token : A token that we can use to obtain a new access token. Refresh tokens are valid until the user revokes access.

  • expires_in : Remaining life of the access token (seconds)

  • token_type : The type of token returned. This field will always be set to Bearer

See below for a sample response:

		{
		  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
		  "expires_in":3920,
		  "token_type":"Bearer",
		  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
		}

Refreshing an access token

Make a HTTP POST request to Google's Authentication server (https://www.googleapis.com/oauth2/v4/token) that includes the following parameters:

  • refresh_token : Refresh token given when tokens were received

  • client_id : Client ID obtained from the API console

  • client_secret : Client secret obtained from the API console

  • grant_type : As defined in the OAuth2.0 spec, this field must always contain the value refresh_token

How to access user's Google Fit data

To access data from a user, use a GET request and include the access token that we received earlier. See the example of the GET request below:

https://www.googleapis.com/drive/v2/files?access_token=<access_token>

Home

Spike reports

About

Documents

Clone this wiki locally