How do I create those oauth credentials?

Question

How do I create those oauth credentials?

zeke opened this issue 8 years ago · comments

From the usage doc:

    --client-id       OAuth2 Client ID
    --client-secret   OAuth2 Client Secret
    --refresh-token   OAuth2 Refresh Token

Is this the right URL? https://developer.chrome.com/webstore/using_webstore_api

That's leading me to https://console.developers.google.com/apis/credentials which doesn't feel right. The OAuth flow described there is one where a user consents in-browser. 😱

Andrew Levine · Answer 1 · Wed Jun 29 2016 22:16:27 GMT+0800 (China Standard Time)

Yeah, the official Google docs on that topic are pretty dreadful. I burned through an hour or so one night trying to figure it out (but apparently never documented it 😛).

I'll get some updated docs in the readme later today. Will have to go walk through it again.

Andrew Levine · Answer 2 · Mon Jul 04 2016 11:36:23 GMT+0800 (China Standard Time)

Apologies for the delay. Here are the steps:

Visit https://console.developers.google.com/apis/api/chromewebstore/overview
Click the button to create a new project (confusing, but totally separate from the project for your extension). You can literally name it anything (you'll likely never see the name again).
When redirected back to the Overview page, click Enable for the API
Click the Credentials tab on the left-hand side of the page
Click Create credentials >> OAuth Client ID
Go through the Configure consent screen prompt (you just need to enter a project name)
You should then be given a client_id and client_secret
Now, go back to this page, and start at step 9. Make sure you go through the OAuth acceptance page logged in under the account that owns the extension you're planning to publish.
Once you've jumped through all the hoops outlined in that document, you should have your client_id, client_secret, and refresh_token.

Pretty ridiculous, right?

Let me know if those steps work for you, and (if you don't mind) please point out any places my steps are lacking along the way. Once you confirm the steps above, I'll update the readme with the info.

Tsotne Nazarashvili · Answer 3 · Sat Jul 09 2016 04:48:40 GMT+0800 (China Standard Time)

@DrewML did all that and there is no refresh token there

Tim Uy · Answer 4 · Wed Jul 13 2016 03:10:36 GMT+0800 (China Standard Time)

@thecotne did you figure it out? It is terribly manually, but step 9 will give you an "authorization code", which you then use in curl to retrieve something like this:

{
"access_token" : "aaa",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "zzzz"
}

after you get the refresh_token you can use this at any time to make a new access_token to do the deeds

Tsotne Nazarashvili · Answer 5 · Wed Jul 13 2016 03:21:33 GMT+0800 (China Standard Time)

did you figure it out?

couldn't

but i found another script https://github.com/pastak/chrome-webstore-manager

does all same things ...

Tim Uy · Answer 6 · Wed Jul 13 2016 04:38:54 GMT+0800 (China Standard Time)

step 1. use your clientId and webbrowser to obtain an authorization code

https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/chromewebstore&client_id=$CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob

step 2. use curl, your client id, your client secret and the authorization to get the access token and refresh token

curl "https://accounts.google.com/o/oauth2/token" -d
"client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&code=$CODE&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob"

not sure why you couldn't programmatically obtain these, maybe it is too hard to programmatically push the button?

Tsotne Nazarashvili · Answer 7 · Wed Jul 13 2016 15:03:40 GMT+0800 (China Standard Time)

sorry i missed step 8 from DrewML guide

because it says "go back to this page" i have not clicked it and ...

i was thinking back to google developer console

Micky Brunetti · Answer 8 · Wed Jul 20 2016 14:05:03 GMT+0800 (China Standard Time)

There are some step missing where I'm not quite sure what to do.

When redirected back to the Overview page, click Enable for the API

Ok but but should we create the API key or not from there?

Step 5 to 7

What Application type should we select? (If I select Chrome App it doesn't give me any client_secret)

I'm saying this because I'm getting an error 400 from Google when fetching the token during upload

Tsotne Nazarashvili · Answer 9 · Wed Jul 20 2016 14:42:04 GMT+0800 (China Standard Time)

@micky2be guide is actually OK

Ok but but should we create the API key or not from there?

on step 5 you create Click "OAuth Client ID" kinda like API key

What Application type should we select? (If I select Chrome App it doesn't give me any client_secret)

it's not chrome app it's for terminal use

and don't miss step 8

Micky Brunetti · Answer 10 · Wed Jul 20 2016 15:00:04 GMT+0800 (China Standard Time)

Hmmm, I believe I did everything correctly.
Using a REST client it seems to work with https://www.googleapis.com/oauth2/v3/token instead of https://accounts.google.com/o/oauth2/token

Federico Brigante · Answer 11 · Wed Dec 28 2016 17:44:00 GMT+0800 (China Standard Time)

The confusion here is that CWU asks for a refreshToken but we actually need the accessToken. In the next semver major we should probably change the wording across the modules.

I wrote an extended guide in the main repo: 🎉 fregante/chrome-webstore-upload#5 and #14

I'm hosting the guide's images in this comment.