How to use Resource Owner Password Credentials with Google OAuth?

Question

Folks,

I am looking for a functional example of using com.google.api.client.auth.oauth2.draft10.AccessTokenRequest.ResourceOwnerPasswordCredentialsGrant , to authenticate a user without using the web-based UI . Tried the sample provided in the class (replaced https://server.example.com/authorize with https://accounts.google.com/o/oauth2/auth ), but got invalid_request response. Is this is the right URL to post to? Does the request need additional attributes set on it? Tried setting scope like this, but no luck request.set("scope", " https://www.googleapis.com/auth/calendar "). Also tried setting response_type, grant_type, Any help would be greatly appreciated. Here is the code (maven project attached as well):

Test.java

import com.google.api.client.auth.oauth2.draft10.AccessTokenErrorResponse;
import com.google.api.client.auth.oauth2.draft10.AccessTokenRequest.ResourceOwnerPasswordCredentialsGrant;
import com.google.api.client.auth.oauth2.draft10.AccessTokenResponse;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson.JacksonFactory;
public class Test {
  public static void main(String[] args) throws Exception {
    try {
      ResourceOwnerPasswordCredentialsGrant request =
          new ResourceOwnerPasswordCredentialsGrant(
              new NetHttpTransport(), 
              new JacksonFactory(),
              "https://accounts.google.com/o/oauth2/auth", 
              "<client_id>", 
              "<client_secret>",
              "<user_username>", 
              "<user_password>");
      AccessTokenResponse response = request.execute();
      System.out.println("Access token: " + response.accessToken);
    } catch (HttpResponseException e) {
      AccessTokenErrorResponse response = e.response.parseAs(AccessTokenErrorResponse.class);
      System.out.println("Error: " + response.error);
    }
  }
}

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.acme</groupId>
    <artifactId>google-oauth</artifactId>
    <version>1</version>
    <name>Google OAuth</name>
    <dependencies>
        <dependency>
            <groupId>com.google.api.client</groupId>
            <artifactId>google-api-client</artifactId>
            <version>1.4.1-beta</version>
        </dependency>
    </dependencies>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
</project>

Answer 1

The Google OAuth2.0 authorization server does not support the Resource Owner Password Credentials flow. If you provide a reason for avoiding the web-based UI, there may be some workarounds available - for example, service accounts within an enterprise setting where your app can act on behalf of the user.