Google API .NET Client - How do I get OAuth2 Access Token and Refresh token for C# ASP.NET Core Web API client to authenticate YouTube Data API v3 #1739

Closed
coderealm opened this issue Jan 11, 2021 · 10 comments

@coderealm

coderealm commented Jan 11, 2021

How do I get OAuth2 Access Token and Refresh token for C# ASP.NET Core Web API client to authenticate YouTube Data API v3?

There is no UI for a username to manually enter their username and password, then receive code to get the token in this scenario. No redirect_uri is required.

How can I get the access token and refresh token?

I once solved a similar issue with Microsoft Azure AD, solution on Stack Overflow.

I just can't find any information regarding Google Cloud Platform .NET clients for this scenario.

@amanda-tarafa amanda-tarafa self-assigned this Jan 11, 2021
@amanda-tarafa amanda-tarafa added the type: question Request for information or clarification. Not an issue. label Jan 11, 2021
@amanda-tarafa
Contributor

There's no way to authenticate users like this in Google, from a user name and password like you seem to be doing for Azure. You will never have access to the user's Google account password to do something like this.

You always need to first obtain the access and refresh tokens for the user, with the user present, i.e. through some UI. When your application (the one with the UI, can be web, mobile or desktop) asks Google for the tokens, Google will redirect the user to Google's own authentication page, where the user will enter their Google email and password and potentially grant access to any resource your app has requested access through scopes. Once Google has authenticated the user, it will redirect to your specified redirect URI sending the access and refresh tokens.
At this point, you can store the tokens in long-term storage, and use them on your backend services to act on behalf of the user. See for instance #1731 and #1725 for discussions around how to do this.

@coderealm
Author

coderealm commented Jan 11, 2021

Can you please provide a solution for this type of scenario?
Here is my use case.
I have an account on YouTube that I want to host videos. These videos will be from different clients at different places.
I have a portal (Reactjs Web App) that clients log in to and upload videos. The Reactjs Web App sends data/videos to my server via an ASP.NET Core Web API. The API receives the data, processes the data and persists the data. I don't want to reinvent the wheel so I use some cloud providers, YouTube business account for storage and streaming the videos, Azure Cloud for some blob storage.

The Web API needs to authenticate and access my YouTube business channel and upload the video programmatically.
This is possible when I use the desktop app provided by yourself (Google) but not possible when I use the Web Application because it requires a redirect or UI. But I can't use a desktop or console solution provided by Google because I host my app on Azure App Service.

So there is a use case for my scenario, can you provide a solution?

Software architecture has geared towards microservices, so there should be service or API-to-API authentication without users being present.

@jskeet
Collaborator

jskeet commented Jan 11, 2021

If you want your server to use your YouTube account, then you can authenticate that yourself to get an access token and a refresh token which you'd probably store in a database. You wouldn't go through the initial authentication process within your web app, because the users of the web app don't have the relevant information to authenticate.

@amanda-tarafa
Contributor

As @jskeet said, for your server to use your own YouTube account, you can write a quick console app to authenticate yourself and get your access and refresh tokens, store them in a secure location that your backend can access and use them from there.

Your Console app should have this code (or very similar):

using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses; // TokenResponse
....
// Opens a browser window for the one-time interactive consent.
UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
    new ClientSecrets { ClientId = "...", ClientSecret = "..." },
    new string[] { ... }, // Whatever scopes you need here.
    "user",
    default);

// TokenResponse contains the tokens, access token expiry time etc.
TokenResponse token = credential.Token;
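
The backend half of the approach described above, as an added example that is not part of the original thread or the library's own samples: the server rebuilds a `UserCredential` from the stored refresh token and checks at startup that the grant is still valid. The class name, the environment variable names (`YT_CLIENT_ID`, `YT_CLIENT_SECRET`, `YT_REFRESH_TOKEN`), the application name and the choice of the upload scope are assumptions for illustration.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Services;
using Google.Apis.YouTube.v3;

public static class YouTubeBackendAuth
{
    // Reads a secret from an environment variable (assumed names; fill them from a secret store).
    private static string Require(string name) => Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing setting {name}");

    public static async Task<YouTubeService> CreateServiceAsync(CancellationToken ct = default)
    {
        var flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = new ClientSecrets
            {
                ClientId = Require("YT_CLIENT_ID"),
                ClientSecret = Require("YT_CLIENT_SECRET"),
            },
            Scopes = new[] { YouTubeService.Scope.YoutubeUpload }, // only what the upload needs
        });
        // Persist only the refresh token; access tokens are short-lived and fetched on demand.
        var credential = new UserCredential(flow, "user",
            new TokenResponse { RefreshToken = Require("YT_REFRESH_TOKEN") });

        try
        {
            // No access token is cached yet, so this performs a refresh and surfaces
            // a revoked or expired grant at startup instead of on the first upload.
            await credential.GetAccessTokenForRequestAsync(cancellationToken: ct);
        }
        catch (TokenResponseException ex) when (ex.Error?.Error == "invalid_grant")
        {
            throw new InvalidOperationException(
                "Stored refresh token was rejected; repeat the one-time console authorization.", ex);
        }

        return new YouTubeService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential,
            ApplicationName = "video-upload-api", // placeholder name
        });
    }
}
```

The refresh token is a long-lived credential for the whole channel, so keep it out of source control and logs, and revoke it from the Google account if the store is ever exposed.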

@coderealm
Author

Many thanks for your help. This looks like it will work.
I will implement this and update you later today please.

@coderealm
Author

coderealm commented Jan 11, 2021

You should see the beam of smile on my cheeks...
It works like a charm
Many thanks for your help @jskeet and @amanda-tarafa

@coderealm
Author

Solved from code snippets above

@dpickering95

hi @amanda-tarafa i'm hoping you can help me with my scenario. i can understand how my web UI can implement oauth to get the access and refresh tokens. once that's done i can send that back to my API, that part is clear.

what's unclear is: how can i use the access token in the .NET google client libraries? i see the GoogleWebAuthorizationBroker, but that wants to open a window in the browser. ideally, i'd like to be able to just set my access token and then proceed with the upload. any thoughts?

@amanda-tarafa
Contributor

If you send the access token to your API and it's in your API where you want to access Google services then you can do as follows in your API code (example with YouTube, but will work the same with any of the others):

YouTubeService service = new YouTubeService(new BaseClientService.Initializer
{
    HttpClientInitializer = Google.Apis.Auth.OAuth2.GoogleCredential.FromAccessToken(accessToken),
    ...
});

One thing to note is that you would have to send a fresh access token from the client application to your API every time, access tokens usually have a 1 hour lifetime. For that, on the client application where you are performing the authentication and calling your API, you have to store the UserCredential (the one created like #1739 (comment)) and ask it for an access token every time you are going to call the API by calling GetAccessTokenForRequestAsync.

@dpickering95

dpickering95 commented Jan 31, 2022

thank you @amanda-tarafa !

i see the last version that has that class is 1.44.1. can you speak to why that was removed?
