How to solve socialauth-android (by 3pillarlabs) and Google Accounts/Google+ using OAuth2.0

Question

I'm building an Android application where users should be able to login to the application using an email/password combination (no brainer) or via their preferred social network.

I've implemented the socialAuth library for Android from 3pillarlabs ( found on Github ) and have successfully been able to implement code for sign in via Facebook and Twitter. It's simple: you create an app, copy the key and secret into the properties file in your Android project, add a few lines of code and bam! You are able to login to the application using Facebook or Twitter.

Trying this with Google Accounts deemed to be a lot more difficult because the guide they provide is out of date - it seems to use OAuth (version 1) and not OAuth2.0. I've had difficulty trying to understand how to do this with OAuth2.0 and the socialAuth library. I don't want to do as much work as suggested on Google's page for implementing application sign in with Google+ , if it can only be a few lines when using the socialAuth library.

My main issue is identifying the consumer_secret . When you create an application on the Google Developer Console , you are directed to a screen where you activate relevant APIs and then you set permissions - you create an OAuth Client ID (which is your consumer_key in the socialAuth properties file), but where do you find your consumer_secret ?

I've learnt that using Google+ you could have a sort of callBack send you an authentication code, but I don't understand what it is that should be happening.

This solution helps , but I still don't know where to get the consumer_secret (apparently created in step 1):

1.  First register your application on Google Cloud console:
  a. Go to https://cloud.google.com/console/project 
  b. Login
  c. Create a new project
  d. APIs & Auth > Credentials
  e. Create New Client ID ( Application Type: Web Application, Authorized redirect URL: http://YOUR_HOST_NAME/socialauth.html)

2.  Modify brickred properties.xml
  Replace 
  <prop key="www.google.com.consumer_key">opensource.brickred.com</prop>
  <prop key="www.google.com.consumer_secret">YC06FqhmCLWvtBg/O4W/aJfj</prop>

  with

  <prop key="googleapis.com.consumer_key">CLIENT ID created in Step 1.e above</prop>
  <prop key="googleapis.com.consumer_secret">Client Secret created in Step 1.e above </prop>

If you are not using Spring, modify oauth_consumer.properties

Modify the link in your application where the user clicks on to start the contacts import process:
change
  ?id=google

to

  ?id=googleplus

Has anyone implemented the socialAuth library for Android from 3pillarlabs and figured out how to login to your application using Google Accounts or Google+ and OAuth2.0 ? Where do you get the consumer_secret ?

Something that confuses me, for example is this found on the Google Developer Console documentation regarding Setting up OAuth2.0

Setting up OAuth 2.0

To use OAuth 2.0 in your application, you need an OAuth 2.0 client ID, which your application uses when requesting an OAuth 2.0 access token. When you register an application in the Google Developers Console, you can generate an OAuth 2.0 client ID.

To find your application's client ID and client secret, and set a redirect URI, expand the OAuth 2.0 Client ID section.

To deactivate the client ID, delete the application from the Developers Console.

How do you "expand the OAuth 2.0 Client ID section" ? Here is a screenshot of this screen:

Answer 1

I was just having this problem, and just figured it out. Go to your developer console and click on the following 2 things:

The JSON file contains your secret, after the key "client_secret", and the api key is listed after "client_id". The file is a bit difficult to read, so copy the text out of the file using notepad or something and paste it into here: http://jsonviewer.stack.hu/

It'll organize the information for you, then click on the 'viewer' tab and the data will be nice and easy to see, like so: Doing this got it working with socialauth-android for me, kind of, but I've actually been running into a redirect_uri_mismatch error after that, so lemme know if you run into the same thing afterwards.