I read the information and examples from the Sign in with Google Guides and the Google Identity Services JavaScript SDK Guides and I managed to set up authorization using Tokens to Google Cloud APIs. Unfortunately, I still get a login prompt to select my Google Account every time I load the page even after the user consent has been given on first login.
I saw that requestAccessToken
allows specifying a user email as hint
via OverridableTokenClientConfig
for the login, but even if I specify the hint
I still get the login prompt every time requestAccessToken
is running.
Ultimately, I want to use Sign in with Google to allow the user to automatically sign in and provide user information like email to the app. Then requestAccessToken
should use that email to request the token without prompting the user again (except for the first time where the user needs to give consent to the devstorage.full_control
scope).
This is the current code I'm using (to run it, you need to insert a valid clientId, bucket and object):
<html>
<head>
<!-- Google Identity Service see https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#gis-and-gapi -->
<script src="https://accounts.google.com/gsi/client" onload="initTokenClient()" async defer></script>
<script>
var tokenClient;
var access_token;
var clientId = '123456789012-abcdefghijklmnopqrstuvxyz123456.apps.googleusercontent.com';
var email = '[email protected]'
var bucket = 'private-bucket'
var object = 'private-object.json'
function initTokenClient() {
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: clientId,
scope: 'https://www.googleapis.com/auth/devstorage.full_control',
callback: (tokenResponse) => {
access_token = tokenResponse.access_token;
},
});
}
function getToken() {
// Re-entrant function to request user consent.
// Returns an access token to the callback specified in google.accounts.oauth2.initTokenClient
// Use a user gesture to call this function and obtain a new, valid access token
// when the previous token expires and a 401 status code is returned by Google API calls.
tokenClient.requestAccessToken({
hint: email
}
);
}
function getObject() {
fetch('https://storage.googleapis.com/storage/v1/b/' + bucket + '/o/' + object + '?alt=media', {
headers: {
'Authorization': 'Bearer ' + access_token
}
})
.then(response => response.json())
.then(content => console.log(content))
.catch(err => { console.log(err) });
}
</script>
</head>
<body>
<button onclick="getToken();">Get access token</button>
<button onclick="getObject()">Load Object</button>
</body>
</html>
Getting the access token always opens a login prompt like this