FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Access google calendars of multiple google accounts (with user permission)

    Scheduled Pinned Locked Moved Solved
    Q&A
    google calendar api access
    2
    4
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      Hiya,

      We have a situation where we have users. Each user has 1 or more Google accounts. We want to be able to read events from a calendar using Google APIs.

      Is this something that FusionAuth can help with?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @dan
        last edited by

        Sure!

        This is a case of Third-Party Service Authorization where your application is trying to access data on behalf of users held by another party (Google in this case).

        This will require some integration work on your part, but the basic steps are:

        • Integrate your application with FusionAuth (our quickstarts are a good place to start). Make sure you check the 'keep me signed in' value set, using a hidden field.
        • Set up an Identity Provider. You don't want to use the Google Identity Provider because it doesn't support the prompt URL parameter.
          • Use the OIDC Identity Provider with the prompt parameter set to select_account to let the users pick different accounts, and make sure you set access_type to offline to get a refresh token. More here.
          • Set the Linking strategy to Pending.
          • You'll also need to set up your Google scopes correctly. Based on your question, you'll want to use https://www.googleapis.com/auth/calendar.events.readonly as an additional scope.
          • You'll want to follow the Google Identity Provider instructions insofar as they pertain to navigating the Google Cloud Console.
        • Create an 'connect your account with google' button in your application. This should point to the OIDC Identity Provider. You can use an idp_hint to send the user directly to Google when they click it.
        • After they return from google, having selected their account, they should be logged in to your application. (It's possible with Pending they'll be prompted to login to your application again, but I don't think so. Would have to test.) They'll also have a link that is accessible via the Link API. That link will contain the refresh token in the token field.
          • You can also iterate all the links in your application using one of our client libraries to display to the user which google accounts they have connected.

        Now you have connected 1 or more Google accounts to a FusionAuth account.

        Next, when you want to retrieve calendar events for your application to process, take these steps:

        • Call the Links API for the user to retrieve all the links
        • Retrieve the Google refresh token from the token field
        • Get a fresh access token using the Refresh grant
        • Use the access token to retrieve the event data using either the API or a Google SDK.
        • ... profit!

        If the refresh token has expired (you don't get back a valid access token), inform the user and have them go through the authorization process again.

        Hope this helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        A 1 Reply Last reply Reply Quote 0
        • danD dan has marked this topic as solved on
        • A
          alex 3 @dan
          last edited by

          @dan Hi @dan . Thanks for your detailed guide. I have almost the same situation to solve.
          But I have related question - is it possible to not select a user to create a panding link? I don't want to have 'keep me signed in' checkbox. Instead, I would like to ask my backend to bind a link to the current user using the FusionAuth API.

          danD 1 Reply Last reply Reply Quote 0
          • danD
            dan @alex 3
            last edited by

            @alex-3 I'm a bit unclear on what you are trying to do.

            Can you outline the exact steps you want to take?

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • F fusionauth.qhj5e referenced this topic on
            • First post
              Last post