OAuth for Web Applications

This document describes how to get started using Google's implementation of the OAuth protocol to authorize a web application's requests for access to a user's data. If instead your application is installed on a computer or a mobile device, you should read the documentation on OAuth for Installed Apps.

If you want to allow users to sign in to your application using OpenID, you can find more information about implementing the Hybrid Protocol (OAuth+OpenID) in the OpenID documentation.

Prerequisites

This document is written for web application developers using the Google Data APIs to access a user's data. It assumes that you have read the documentation for the API you are using and are aware of any service-specific authorization issues. The document also assumes that you are familiar with the principles behind OAuth. For more background information, see the Beginner's Guide to OAuth

Contents

1. The OAuth authorization process
2. Getting ready for OAuth
   1. Deciding whether or not to register your web application
   2. Determining the scope of the data to which you require access
   3. Setting up a mechanism to manage OAuth tokens
   4. Setting up a mechanism to request access to a Google service
   5. Implementing OpenID (optional)
3. Working with OAuth tokens
   1. Setting a callback URL
   2. Identifying your application to users
   3. Working with Google Apps domains
4. OAuth for Google Apps domains
5. Migrating from AuthSub to OAuth