This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Refresh token, Reciever and TLS in Java

Posted on 08-15-2023 09:42 AM
GarrafaGalactic
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I'm encountering an issue with the YouTube Data API and the OAuth 2.0 authorization process. I've been following the example Java code and have something like this:

InputStream in = ApiExample.class.getResourceAsStream(CLIENT_SECRETS);
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));

FileCredentialStore credentialStore = new FileCredentialStore(new File("youtube-api.json"), JSON_FACTORY);

GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(httpTransport, JSON_FACTORY, clientSecrets, SCOPES)
.setCredentialStore(credentialStore)
.setAccessType("offline")
.build();

LocalServerReceiver localReceiver = new LocalServerReceiver.Builder()
.setPort(9080)
.setHost("myweb")
.build();

Credential credential = new AuthorizationCodeInstalledApp(flow, localReceiver).authorize("user");
return credential;
I've modified the code to receive a refresh token so that I can manually go through the authorization process just once. However, for this to work, my project needs to be in production. This requires the redirect_uri in my credentials to be set to an HTTPS address. I can address this part.

The challenge I'm facing is that the redirect_uri generated by the LocalServerReceiver is in HTTP, and I'm unsure how to modify the receiver to use HTTPS while maintaining similar functionality.

2 1 1,213
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @GarrafaGalactic ,

You can follow this steps on how you can modify your code to use HTTPS with the LocalServerReceiver:

1. Before you switch to HTTPS, you'll need to create a self-signed SSL certificate for local development purposes. You can use tools like openssl to generate a self-signed certificate.

2. Extend the LocalServerReceiver class to use HTTPS. This involves creating an HTTPS server instead of an HTTP server.

import com.google.api.client.extensions.java6.auth.oauth2.LocalServerReceiver;

public class LocalServerReceiverWithSSL extends LocalServerReceiver {
public LocalServerReceiverWithSSL() throws IOException {
super.Builder()
.setHost("localhost")
.setPort(9443) // Choose a suitable port for HTTPS
.build();
}
}

3. Update your Authorization Code Flow. You can use the modified LocalServerReceiverWithSSL in your authorization code flow setup below : 

LocalServerReceiverWithSSL localReceiver = new LocalServerReceiverWithSSL();

Credential credential = new AuthorizationCodeInstalledApp(flow, localReceiver).authorize("user");
return credential;

4. You'll need to make sure your application knows about the SSL certificate you created. This involves creating a special storage place called a "keystore" to hold the certificate information.

Keep in mind that when you use self-made certificates, your browser could show security alerts. This approach is better for testing on your computer. For a real website, you'd get a proper SSL certificate from a trusted source.

Also, handling SSL certificates and setting up HTTPS can be a bit tricky, especially if these terms are new to you. Just remember to follow security guidelines for the best results.

 

0 Likes
Top Labels in this Space
Top Solution Authors
View all