Some Google services, such as Drive, Gmail, and many others, provide public APIs that you can use to create apps that help users work with their data in these services. To access these services, apps must implement one of the OAuth 2.0 client flows to get consent from users and obtain access tokens , which grant access to the APIs.
You can use the Google Sign-In library, which implements the OAuth 2.0 flow for you, to get access tokens for the signed-in user.
Before you begin
You must complete the basic Google Sign-In integration .
1. Check which scopes have been granted
Before you make a call to a Google API, check which scopes have already been
granted to your app, using the grantedScopes
property of GIDGoogleUser
:
Swift
let
driveScope
=
" https
:
//www.googleapis.com/auth/drive.readonly
" let
grantedScopes
=
user
.
grantedScopes
if
grantedScopes
==
nil
||
!
grantedScopes
!.
contains
(
driveScope
)
{
// Request additional Drive scope.
}
Objective-C
NSString
*
driveScope
=
@
" https
:
//www.googleapis.com/auth/drive.readonly";
// Check if the user has granted the Drive scope
if
(
!
[
user
.
grantedScopes
containsObject
:
driveScope
])
{
// request additional drive scope
}
Based on whether or not a certain scope has been granted by the user, you might need to make a request for an additional scope in order to support a particular interaction.
2. Request additional scopes
If you need to request additional scopes, call addScopes:presentingViewController:completion
or addScopes:presentingWindow:completion
to ask the user to grant your app
additional access.
For example, to request read-only access to a user's Drive files:
Swift
let
additionalScopes
=
[
" https
:
//www.googleapis.com/auth/drive.readonly"]
guard
let
currentUser
=
GIDSignIn
.
sharedInstance
.
currentUser
else
{
return
;
/* Not signed in. */
}
currentUser
.
addScopes
(
additionalScopes
,
presenting
:
self
)
{
signInResult
,
error
in
guard
error
==
nil
else
{
return
}
guard
let
signInResult
=
signInResult
else
{
return
}
// Check if the user granted access to the scopes you requested.
}
Objective-C
NSArray
*
additionalScopes
=
@[
@
" https
:
//www.googleapis.com/auth/drive.readonly" ];
GIDGoogleUser
*
currentUser
=
GIDSignIn
.
sharedInstance
.
currentUser
;
[
currentUser
addScopes
:
additionalScopes
presentingViewController
:
self
completion
:
^
(
GIDSignInResult
*
_Nullable
signInResult
,
NSError
*
_Nullable
error
)
{
if
(
error
)
{
return
;
}
if
(
signInResult
==
nil
)
{
return
;
}
// Check if the user granted access to the scopes you requested.
}];
3. Make an API call with fresh tokens
To ensure that your Google API calls always have unexpired access tokens
attached, wrap the calls in a refreshTokensIfNeededWithCompletion:
block:
Swift
currentUser
.
refreshTokensIfNeeded
{
user
,
error
in
guard
error
==
nil
else
{
return
}
guard
let
user
=
user
else
{
return
}
// Get the access token to attach it to a REST or gRPC request.
let
accessToken
=
user
.
accessToken
.
tokenString
// Or, get an object that conforms to GTMFetcherAuthorizationProtocol for
// use with GTMAppAuth and the Google APIs client library.
let
authorizer
=
user
.
fetcherAuthorizer
()
}
Objective-C
[
currentUser
refreshTokensIfNeededWithCompletion
:^
(
GIDGoogleUser
*
_Nullable
user
,
NSError
*
_Nullable
error
)
{
if
(
error
)
{
return
;
}
if
(
user
==
nil
)
{
return
;
}
// Get the access token to attach it to a REST or gRPC request.
NSString
*
accessToken
=
user
.
accessToken
.
tokenString
;
// Or, get an object that conforms to GTMFetcherAuthorizationProtocol for
// use with GTMAppAuth and the Google APIs client library.
id<GTMFetcherAuthorizationProtocol>
authorizer
=
[
user
fetcherAuthorizer
];
}];
Use the access token to call the API, by either including the access token in
the header of a REST or gRPC request ( Authorization: Bearer ACCESS_TOKEN
),
or by using the fetcher authorizer with the Google APIs Client Library
.