How to authenticate a java application for the Google Contacts API?

Question

I've had a java application running for a few years that synced some contacts from some database into the gmail account of a customer.

This stopped working a few days ago, presumably because Google stopped supporting the simple username/password authentication.

First question: Am I correct in assuming that the only supported authentication now is OAuth2?

Assuming that is the case, I don't understand what kind of authorization scheme/flow I should use. I can't show a dialog - this is a service type kind of application, and it should only access one specific customer account that I control. I think I should use a Service Account , but the documentation says this:

Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data.

But I want to use user data - the Contacts, specifically.

For that scenario the documentation has this to say:

If you have a Google Apps domain—if you use Google Apps for Work, for example—an administrator of the Google Apps domain can authorize an application to access user data on behalf of users in the Google Apps domain. For example, an application that uses the Google Calendar API to add events to the calendars of all users in a Google Apps domain would use a service account to access the Google Calendar API on behalf of users. Authorizing a service account to access data on behalf of users in a domain is sometimes referred to as "delegating domain-wide authority" to a service account.

But, I don't have a Google Apps domain.

So... now what?

Answer 1

First question: Am I correct in assuming that the only supported authentication now is OAuth2?

Yes

So... now what?

The closest analogy to a username-password is a refresh token (which is simply a string). IE:-

• If your app has a refresh token, it can, at any time, access the resources granted to it
• Because of the power of a refresh token, it needs to be securely stored, just like a password

The steps required to get a refresh token are described here How do I authorise an app (web or installed) without user intervention? (canonical ?)

That answer also contains a link which points to the Google docs for how to use a refresh token to obtain an access token.

Answer 2

And here some code (based on pinoyyid's suggestion):

String CLIENT_ID = "see instructions in accepted answer";
String CLIENT_SECRET = "see instructions in accepted answer";
String REFRESH_TOKEN = "see instructions in accepted answer";

Builder builder = new GoogleCredential.Builder();
builder.setTransport(GoogleNetHttpTransport.newTrustedTransport());
builder.setJsonFactory(JacksonFactory.getDefaultInstance());
builder.setClientSecrets(CLIENT_ID, CLIENT_SECRET);

Credential credential = builder.build();
credential.setRefreshToken(REFRESH_TOKEN);
credential.refreshToken(); // gets the access token, using the refresh token

ContactsService contactsService.setOAuth2Credentials(credential);

Query query = new Query(new URL("https://www.google.com/m8/feeds/contacts/default/full"));
query.setMaxResults(10_000);

ContactFeed allContactsFeed = contactsService.getFeed(query, ContactFeed.class);

LOGGER.log(Level.INFO, allContactsFeed.getTitle().getPlainText());

for(ContactEntry contact : allContactsFeed.getEntries())
{
  ...
}