Skip to content
Austin Story edited this page Oct 26, 2020 · 13 revisions

FAQ's

Where can I get my API key?

Get your API key at https://code.google.com/apis/console/

Where is the omniauth path to start the oauth2 handshake?

auth/google_oauth2

What does a response from google look like during the handshake?

{
  "provider" => "google_oauth2",
  "uid" => "100000000000000000000",
  "info" => {
    "name" => "John Smith",
    "email" => "john@example.com",
    "first_name" => "John",
    "last_name" => "Smith",
    "image" => "https://lh4.googleusercontent.com/photo.jpg",
    "urls" => {
      "google" => "https://plus.google.com/+JohnSmith"
    }
  },
  "credentials" => {
    "token" => "TOKEN",
    "refresh_token" => "REFRESH_TOKEN",
    "expires_at" => 1496120719,
    "expires" => true
  },
  "extra" => {
    "id_token" => "ID_TOKEN",
    "id_info" => {
      "azp" => "APP_ID",
      "aud" => "APP_ID",
      "sub" => "100000000000000000000",
      "email" => "john@example.com",
      "email_verified" => true,
      "at_hash" => "HK6E_P6Dh8Y93mRNtsDB1Q",
      "iss" => "accounts.google.com",
      "iat" => 1496117119,
      "exp" => 1496120719
    },
    "raw_info" => {
      "kind" => "plus#personOpenIdConnect",
      "gender" => "male",
      "sub" => "100000000000000000000",
      "name" => "John Smith",
      "given_name" => "John",
      "family_name" => "Smith",
      "profile" => "https://plus.google.com/+JohnSmith",
      "picture" => "https://lh4.googleusercontent.com/photo.jpg?sz=50",
      "email" => "john@example.com",
      "email_verified" => "true",
      "locale" => "en",
      "hd" => "company.com"
    }
  }
}

Tips on the scope parameter

How to limit domains allowed for google at request time

As part of configuring the provider you can statically declare hd in order to limit the domains that can be requested from google.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], { hd: 'example.com' } 
end

To do this at runtime, the best way that i have found is to request to the authorize_path with the parameters you would like to inject.

# in rails link
Rails.application.routes.url_helpers.user_google_oauth2_omniauth_authorize_path({ hd: 'example.com' })