-
Notifications
You must be signed in to change notification settings - Fork 5
Authorization
Assumes installation steps have been completed.
All of the authorization logic is encapsulated in the gapi_auth package. You should start the authorization process by redirecting to the procedure: begin_auth. As well as passing in the parameters:
- p_scope - the access you'd like the user to grant. This is typically a constant in the package for the particular service. E.g. In gapi_drive_file there is a constant gc_drive_full, which gives full access to the users Drive. So you would pass in the value: gapi_drive_file.gc_drive_full. If you would like to specify multiple scopes, it is just a matter of separating scopes with a space
- p_return_app - the application to return to. This would typically refer to the current application, APP_ID
- p_return_page - the page to return to. This would typically refer to page you'd like to return to
- p_session - the current session ID so you can return to the same session, APP_SESSION
- p_item_for_refresh_token - The page (or application) item you'd like to store the refresh token in
- p_item_for_access_token - The page (or application) item you'd like to store the access token in (optional)
So for access to the users drive, we would have a URL such as: http://example.com/apex/SCHEMA.GAPI_AUTH.BEGIN_AUTH?p_scope=https://www.googleapis.com/auth/drive&p_return_app=100&return_page=1&p_session=123123123&p_item_for_refresh_token=GOOGLE_REFRESH_TOKEN.
Aside from the Session identifier, all properties are stored in a cookie, so that when we reach the callback, we can re-direct back to the specified application page, and setting the refresh (and access) token into session state.
The implementation of this library is to always return a refresh token so you can easily re-capture the access token without prompting the user each time.
It's worth noting, the refresh token typically contains the character '/' which as per the docs: http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35127/apex_escape.htm#AEAPI29272 is escaped in session state, so the '/' character is stored as: /.
Before saving this somewhere, it's necessary to restore it to its original form. I've had success unescaping the token with: UTL_I18N.UNESCAPE_REFERENCE. See: http://docs.oracle.com/cd/E11882_01/appdev.112/e16760/u_i18n.htm#ARPLS71170
e.g. :GOOGLE_REFRESH_TOKEN := UTL_I18N.UNESCAPE_REFERENCE(:GOOGLE_REFRESH_TOKEN);
For full documentation on how OAuth 2.0 authorization works, I recommend reading the Google documentation: https://developers.google.com/accounts/docs/OAuth2WebServer
-
Create a hidden item to store your scope in. For example, GAPI_DRIVE_FILE has defined: g_scope_full. So create a hidden item with the source type set as: PL/SQL Expression; and the source value or expression as: gapi_drive_file.g_scope_full
-
Create a button with the action when click defined as Redirect to URL and the URL target as: &OWNER..GAPI_AUTH.BEGIN_AUTH?p_scope=&P0_SCOPE.&p_return_app=&APP_ID.&p_return_page=&APP_PAGE_ID.&p_session=&APP_SESSION.&p_item_for_refresh_token=GOOGLE_REFRESH_TOKEN
-
Create a process that un-escapes the returned refresh token.
:GOOGLE_REFRESH_TOKEN := utl_i18n.UNESCAPE_REFERENCE(:GOOGLE_REFRESH_TOKEN);
It's probably worth refreshing the access token each time you call the API (or calculate when it needs to be refreshed)
:GOOGLE_ACCESS_TOKEN := gapi_auth.get_access_token(:GOOGLE_REFRESH_TOKEN);