Access Google APIs in an iOS app

    • To access Google services APIs like Drive and Gmail, apps need user consent and access tokens, typically obtained through OAuth 2.0 client flows, which the Google Sign-In library can implement for you.

    • Before making a Google API call, check the grantedScopes property of GIDGoogleUser to see which permissions your app already has.

    • If your app needs additional permissions for a specific interaction, use addScopes:presentingViewController:completion or addScopes:presentingWindow:completion to request them from the user.

    • To ensure your Google API calls use valid access tokens, wrap them in a refreshTokensIfNeededWithCompletion: block to handle token expiration and renewal.

    • You can use the refreshed access token by including it in the header of a REST or gRPC request or by utilizing the fetcher authorizer with the Google APIs Client Library.

    Some Google services, such as Drive, Gmail, and many others, provide public APIs that you can use to create apps that help users work with their data in these services. To access these services, apps must implement one of the OAuth 2.0 client flows to get consent from users and obtain access tokens , which grant access to the APIs.

    You can use the Google Sign-In library, which implements the OAuth 2.0 flow for you, to get access tokens for the signed-in user.

    Before you begin

    You must complete the basic Google Sign-In integration .

    1. Check which scopes have been granted

    Before you make a call to a Google API, check which scopes have already been granted to your app, using the grantedScopes property of GIDGoogleUser :

    Swift

      let 
  
 driveScope 
  
 = 
  
 "https://www.googleapis.com/auth/drive.readonly" 
 let 
  
 grantedScopes 
  
 = 
  
 user 
 . 
 grantedScopes 
 if 
  
 grantedScopes 
  
 == 
  
 nil 
  
 || 
  
 ! 
 grantedScopes 
 !. 
 contains 
 ( 
 driveScope 
 ) 
  
 { 
  
 // Request additional Drive scope. 
 }

    Objective-C

      NSString 
  
 * 
 driveScope 
  
 = 
  
 @"https://www.googleapis.com/auth/drive.readonly" 
 ; 
 // Check if the user has granted the Drive scope 
 if 
  
 ( 
 ! 
 [ 
 user 
 . 
 grantedScopes 
  
 containsObject 
 : 
 driveScope 
 ]) 
  
 { 
  
 // request additional drive scope 
 }

    Based on whether or not a certain scope has been granted by the user, you might need to make a request for an additional scope in order to support a particular interaction.

    2. Request additional scopes

    If you need to request additional scopes, call addScopes:presentingViewController:completion or addScopes:presentingWindow:completion to ask the user to grant your app additional access.

    For example, to request read-only access to a user's Drive files:

    Swift

      let 
  
 additionalScopes 
  
 = 
  
 [ 
 "https://www.googleapis.com/auth/drive.readonly" 
 ] 
 guard 
  
 let 
  
 currentUser 
  
 = 
  
 GIDSignIn 
 . 
 sharedInstance 
 . 
 currentUser 
  
 else 
  
 { 
  
 return 
  
 ; 
  
 /* Not signed in. */ 
 } 
 currentUser 
 . 
 addScopes 
 ( 
 additionalScopes 
 , 
  
 presenting 
 : 
  
 self 
 ) 
  
 { 
  
 signInResult 
 , 
  
 error 
  
 in 
  
 guard 
  
 error 
  
 == 
  
 nil 
  
 else 
  
 { 
  
 return 
  
 } 
  
 guard 
  
 let 
  
 signInResult 
  
 = 
  
 signInResult 
  
 else 
  
 { 
  
 return 
  
 } 
  
 // Check if the user granted access to the scopes you requested. 
 }

    Objective-C

      NSArray 
  
 * 
 additionalScopes 
  
 = 
  
 @[ 
  
 @"https://www.googleapis.com/auth/drive.readonly" 
  
 ] 
 ; 
 GIDGoogleUser 
  
 * 
 currentUser 
  
 = 
  
 GIDSignIn 
 . 
 sharedInstance 
 . 
 currentUser 
 ; 
 [ 
 currentUser 
  
 addScopes 
 : 
 additionalScopes 
  
 presentingViewController 
 : 
 self 
  
 completion 
 : 
 ^ 
 ( 
 GIDSignInResult 
  
 * 
  
 _Nullable 
  
 signInResult 
 , 
  
 NSError 
  
 * 
  
 _Nullable 
  
 error 
 ) 
  
 { 
  
 if 
  
 ( 
 error 
 ) 
  
 { 
  
 return 
 ; 
  
 } 
  
 if 
  
 ( 
 signInResult 
  
 == 
  
 nil 
 ) 
  
 { 
  
 return 
 ; 
  
 } 
  
 // Check if the user granted access to the scopes you requested. 
 }];

    3. Make an API call with fresh tokens

    To ensure that your Google API calls always have unexpired access tokens attached, wrap the calls in a refreshTokensIfNeededWithCompletion: block:

    Swift

      currentUser 
 . 
 refreshTokensIfNeeded 
  
 { 
  
 user 
 , 
  
 error 
  
 in 
  
 guard 
  
 error 
  
 == 
  
 nil 
  
 else 
  
 { 
  
 return 
  
 } 
  
 guard 
  
 let 
  
 user 
  
 = 
  
 user 
  
 else 
  
 { 
  
 return 
  
 } 
  
 // Get the access token to attach it to a REST or gRPC request. 
  
 let 
  
 accessToken 
  
 = 
  
 user 
 . 
 accessToken 
 . 
 tokenString 
  
 // Or, get an object that conforms to GTMFetcherAuthorizationProtocol for 
  
 // use with GTMAppAuth and the Google APIs client library. 
  
 let 
  
 authorizer 
  
 = 
  
 user 
 . 
 fetcherAuthorizer 
 () 
 }

    Objective-C

      [ 
 currentUser 
  
 refreshTokensIfNeededWithCompletion 
 :^ 
 ( 
  
 GIDGoogleUser 
  
 * 
  
 _Nullable 
  
 user 
 , 
  
 NSError 
  
 * 
  
 _Nullable 
  
 error 
 ) 
  
 { 
  
 if 
  
 ( 
 error 
 ) 
  
 { 
  
 return 
 ; 
  
 } 
  
 if 
  
 ( 
 user 
  
 == 
  
 nil 
 ) 
  
 { 
  
 return 
 ; 
  
 } 
  
 // Get the access token to attach it to a REST or gRPC request. 
  
 NSString 
  
 * 
 accessToken 
  
 = 
  
 user 
 . 
 accessToken 
 . 
 tokenString 
 ; 
  
 // Or, get an object that conforms to GTMFetcherAuthorizationProtocol for 
  
 // use with GTMAppAuth and the Google APIs client library. 
  
 id<GTMFetcherAuthorizationProtocol> 
  
 authorizer 
  
 = 
  
 [ 
 user 
  
 fetcherAuthorizer 
 ]; 
 }];

    Use the access token to call the API, by either including the access token in the header of a REST or gRPC request ( Authorization: Bearer ACCESS_TOKEN ), or by using the fetcher authorizer with the Google APIs Client Library .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: