Explore our sites

Stack Exchange
tour help careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 4 down vote favorite

I'm working on a dashboard for my colleagues that shows a few stats from Google Analytics next to some other statistics. To get access to the Analytics data I use OAuth2. OAuth2 requires a scope to get send along with the authentication request in order to get access tokens. I created a client ID in the APIs Console that has access to Analytics, and specify the scope in an initializer that looks like this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly' }
end

This uses the omniauth-google-oauth2 gem, and the scope I found in an example somewhere. However, for my implementation, I think this scope is strange. Instead of http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly I would like to use https://www.googleapis.com/auth/analytics.readonly, but changing to that scope causes the request to return invalid_credentials. What is the correct way to specify only access to analytics data is needed?

share|improve this question
 
Hey Jasper could you copy paste all the info that you have on the invalid_credentials error? For instance do you know when it occurs, is it during the initial auth (where you redirect the user to the grant page) or does it happen during the code exchange... –  Nivco Dec 5 '12 at 15:51
 
Tnx for the response Nivco. I'm very busy right now but I'll add the info this evening. –  Jasper Kennis Dec 10 '12 at 12:42
 
The error is send along with the redirect to the redirect uri. –  Jasper Kennis Dec 11 '12 at 0:01
add comment

1 Answer

up vote 3 down vote
+25

Scopes should be seperated by a space character, not a comma:

https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl

if you need Youtube and Analytics scopes use:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email https://www.googleapis.com/auth/analytics.readonly' }
end

if you need just Analytics, use:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'https://www.googleapis.com/auth/analytics.readonly' }
end
share|improve this answer
 
Thanks for the corrections in my spelling;) Sadly, it seems that the scope you suggest in the second example triggers the error, and I stil don't get why. –  Jasper Kennis Dec 10 '12 at 23:59
 
Well this is sad. Your answer didn't even solve my problem:( –  Jasper Kennis Dec 12 '12 at 12:11
 
why is approval_prompt blank? Try removing it or setting it to auto. Have you confirmed your Client ID/Secret work if used with the API Explorer? developers.google.com/oauthplayground (Click the gear icon at the top right to switch to using your own client id/secret) –  Jay Lee Dec 12 '12 at 12:58
 
Thanks for helping me out some more:) I found that approval_prompt was supposed to be blank somewhere, not really sure where anymore. However adding or removing it doesn't make a difference. I've tested my id and secret in the playground, it works there. That doesn't surprise me because the same credential info does work when authorizing for YouTube AND Analytics. –  Jasper Kennis Dec 15 '12 at 14:34
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.