Google服务帐户oauth重定向uri

Question

My application needs service account authorization. Everything is fine as long as I get the authorization.

My Question is: How do I know when a user gives me the authorization? There is no redirect uri as everyone notes so how do I get a callback? Is there an api that gives me the list of users that I have access to?

As of now I'm attempting to use oauthtoscombined to get the token for the simple account and the service account in the same process. But I cannot find any instructions on how. So if this is the right way, could someone point me in the right direction or explain how it works? Simply modifying the redirect uri doesnt work.

I have the marketplace app setup and it works alright with the test oauth flow but again, I cant find out how to get a callback.

Thanks!

Answer 1

Splitting the answer up a bit:

How do I know when a user gives me the authorization?  
There is no redirect uri as everyone notes so how do I get a callback?

Service accounts are set up in APIs console to access your own data, not someone else's. There is no call back because there is no user interaction in a service account.

The Google OAuth 2.0 endpoint supports server-to-server interactions such as those between a web application and Google Cloud Storage. For this scenario you need a service account, which is an account that belongs to your application instead of to an individual end user. For example, if you use the Google Prediction API to act on behalf of your application without accessing any user data, your application uses its service-account credentials to prove its own identity, and no end user is involved

Suggestion: Use Oauth2 if you would like to access information owned by someone else.

Is there an api that gives me the list of users that I have access to? 

No there is not. Once you have Oauth2 set up you will need to save the Refresh Tokens returned by the Authentication server. A refresh token is returned for each of the users that have granted you access to there accounts. You will then be able request data again on there behalf by using the Refresh Token to get a new access token.