Description
What's the issue?
We don't document how to get a GCP refresh token for static credentials, I have provided this snippet from my notes on how the generation (can) work.
Getting the client_id and client_secret
The client_id and client_secret for OAuth2 authentication can be created and downloaded from Google Console under APIs & Services -> Credentials (link).
{
|
"installed": {
|
"client_id": "<client_id>",
|
"project_id": "<project_id>",
|
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
"token_uri": "https://oauth2.googleapis.com/token",
|
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
"client_secret": "<client_secret>",
|
"redirect_uris": [
|
"http://localhost"
|
]
|
}
|
}
|
These will be used when initially creating the refresh_token.
Getting the refresh_token
Obtaining a refresh token is a two stage process, firstly the OAuth2 auth code must be acquired.
CLIENT_ID="" CLIENT_SECRET="" SCOPE="https://www.googleapis.com/auth/devstorage.read_write" ENDPOINT="https://accounts.google.com/o/oauth2/v2/auth" URL="$ENDPOINT?client_id=$CLIENT_ID&response_type=code&scope=$SCOPE&access_type=offline&redirect_uri=http://localhost:12345" open $URL
|
The code will be included in the query parameters in the URL bar of your browser (due to the redirect to localhost:12345).
CLIENT_ID="" CLIENT_SECRET="" AUTH_CODE="" curl -s -X POST https://www.googleapis.com/oauth2/v4/token --data-urlencode "client_id=$CLIENT_ID" --data-urlencode "client_secret=$CLIENT_SECRET" --data-urlencode "code=$AUTH_CODE" --data-urlencode "redirect_uri=http://localhost:12345" --data-urlencode "grant_type=authorization_code"
|
This will dump a payload to stdout containing the refresh_token.
Attachments
Issue Links
- is duplicated by
-
DOC-10610 GCP backup instructions improvements.
-
- In Progress
-