An Introduction to OAuth 2 and Google APIs


OAuth 2, in simple English, is a protocol that lets third-party applications access a user’s account without the user having to give their username and password to the application. Let me explain with an example.

The Save Emails addon downloads email messages from a user’s Gmail account to their Google Drive. The addon is the third-party application in this case and it can use OAuth 2.0 to obtain permission from the user to access their Gmail and Google Drive via standard Google APIs. The user can revoke access to the addon anytime. Also, if the user changes the password of their Google account later, the OAuth 2 connection will continue to work.

OAuth 2.0 Flow and Google APIs

The OAuth 2.0 flow is something like this.

  1. You create a new project in the Google Console for your application and generate the client ID and client secret. These keys are known both to your application and Google.
  2. Enable the various Google APIs that your application would use to obtain data from the user’s account. For instance, if you are the admin of a Google Apps domain, you may want to activate the Admin Directory SDK to get a list of all users in the domain.
  3. The application then redirects the browser to a URL on the Google server. Here the user gives consent on whether the application should be granted access to their data or not.
  4. If the user approves, the Google Authorization Server redirects the user back to your application with a single-use authorization code that can be exchanged for a short-lived access token and a refresh token.
  5. Store the tokens in Google Cloud Storage, Firebase, MySQL database or even the local filesystem for command line applications.
  6. All future requests to the Google APIs should include this access token. The access token expires after some time, so your application can use the refresh token to obtain a new access token. The refresh tokens do not expire.
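
The steps above as a sketch, added here as an example (not code from the original article or from Google's client libraries): it builds the consent URL of step 3, validates the redirect of step 4, and prepares the token-exchange and refresh requests without sending them. The client ID, secret, redirect URI, helper names and the `tokens` dictionary shape are constructed placeholders; the `state` check is the standard OAuth 2.0 defence against forged callbacks and is an addition to the steps listed.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"  # form bodies below are POSTed here
# Constructed placeholders, not real credentials (step 1 issues the real ones).
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/oauth2callback"
SCOPE = "https://www.googleapis.com/auth/gmail.readonly"

def build_consent_url(state):
    """Step 3: URL on the Google server where the user grants or denies consent."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": "code", "scope": SCOPE,
              "access_type": "offline",  # also ask for a refresh token
              "state": state}            # random value bound to this browser session
    return AUTH_ENDPOINT + "?" + urlencode(params)

def handle_callback(callback_url, expected_state):
    """Step 4: validate the redirect back, return the code-for-tokens form body."""
    query = parse_qs(urlparse(callback_url).query)
    got_state = query.get("state", [""])[0]
    if not hmac.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not match our consent request")
    if "error" in query:
        raise PermissionError(query["error"][0])  # e.g. the user declined
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return {"grant_type": "authorization_code", "code": code,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}

def refresh_request_if_needed(tokens, now=None, skew=60):
    """Step 6: None while the access token is still valid, else the refresh form body."""
    now = time.time() if now is None else now
    if now < tokens["expires_at"] - skew:
        return None
    return {"grant_type": "refresh_token", "refresh_token": tokens["refresh_token"],
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}

if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # keep server-side in the user's session
    print(build_consent_url(state))
    callback = REDIRECT_URI + "?" + urlencode({"code": "constructed-code", "state": state})
    print(handle_callback(callback, state)["grant_type"])
```

The client secret appears only in the server-side form bodies, never in the consent URL that passes through the browser.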

In the next section, we’ll build a simple web application that uses OAuth 2.0 with Gmail API and Google PHP library to generate a list of all labels in the user’s mailbox.

Build OAuth 2 Application with Google APIs

Amit Agarwal is a web geek, solo entrepreneur and loves making things on the Internet. Google recently awarded him the Google Developer Expert and Google Cloud Champion title for his work on Google Workspace and Google Apps Script.
