Tech Hub

This section will provide you steps to request access tokens with the specific scope http://www.googleapis.com/auth/androidpublisher using OAuth 2.0 Assertion Profile

Objective

• Generate Access token with OAuth 2.0 assertion profile

Requirements

• Coding expertise level: Medium
• Hands on Google OAuth
• Hands on JWT token JSON Web Tokens - jwt.io
• Aware of Service Account.
• How to get Access Token? You will be requiring the Endpoint to get token, the scope you are requesting access_token for. There are certain libraries out there which will do this stuff but let’s understand the basic so you can do it on your own without depending upon any libraries.

Why do we need this access_token?

• We need this access_token to call further in app purchase API verification calls like purchases.products or purchases.subscriptions APIs. So, for that we need to do complete the OAuth with the help of Service Account JSON file.

What do we read from the JSON file?

• 1. client_email
• 2. private_key

Sample Request

$ curl -X POST http://accounts.google.com/o/oauth2/token 
-H 'Content-Type: application/x-www-form-urlencoded'
-d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion= eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwbGF5LWRldmVsb3Blci1hcGlAcGMtYXBpLTU3MDg2MDAxMjU3MTE1Mjk1OTMtOTE4LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2FuZHJvaWRwdWJsaXNoZXIiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvdG9rZW4iLCJpYXQiOjE2NDkxNDczNzAsImV4cCI6MTY0OTE1MDk5M30'  

Required Parameters

By default, these parameters must be x-www-form-urlencoded and specified in the request body (as shown in the sample above). Also, to use a JWT Bearer Token as an authorization grant, use the following parameter values and encodings.

• grant_type – MUST be to the value of
• assertion – MUST contain a single JWT.

Let’s understand how to get access token

Step 1: Generate jwtToken

Headers:

The following example JSON object, used as the header of a JWT, declares that the JWT is signed with the RS256 algorithm 

Payload:

Below is an example JSON object that could be encoded to produce the JWT Claims Object for a JWT: 

Verify Signature:

- Encode your payload and headers with the PRIVATE_KEY extracted from the JSON file

We are going to use this encoded value as an assertion token in the next step.

Step 2: Create FORM DATA

We are going to pass this formData to the next step, i.e., HTTP call.

Step 3: Make HTTP POST call

Success response | 200 (OK)

Using this access token, you can call the subsequent API calls. See this document for usage.