.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "LWP::Authen::OAuth2::ServiceProvider::Google 3pm"
.TH LWP::Authen::OAuth2::ServiceProvider::Google 3pm "2023-02-04" "perl v5.36.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
LWP::Authen::OAuth2::ServiceProvider::Google \- Google OAuth2
.SH "VERSION"
.IX Header "VERSION"
version 0.20
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
See LWP::Authen::OAuth2 for basic usage.  The one general note is that
\&\f(CW\*(C`scope\*(C'\fR is \f(CW\*(C`scope\*(C'\fR is optional in the specification, but required for
Google.  Beyond that Google supports many client types, and their behavior
varies widely.
.PP
See <https://developers.google.com/accounts/docs/OAuth2> for Google's
own documentation.  The documentation here is a Cliff Notes version of that,
so look there for any necessary clarification.
.SH "REGISTERING"
.IX Header "REGISTERING"
Before you can use OAuth 2 with Google you need to register yourself as a
client.  For that, go to <https://code.google.com/apis/console>.  Follow
their directions to create a project, choose your \f(CW\*(C`flow\*(C'\fR (which is called
your \f(CW\*(C`client_type\*(C'\fR in this document \- look ahead for advice on available
types), and then you'll be given a \f(CW\*(C`client_id\*(C'\fR and \f(CW\*(C`client_secret\*(C'\fR.  If
you're in the Login, WebServer or Client client types you'll also need to
register a \f(CW\*(C`redirect_uri\*(C'\fR with them, which will need to be an
\&\f(CW\*(C`https://...\*(C'\fR \s-1URL\s0 under your control.
.PP
At that point you have all of the facts that you need to use this module.  Be
sure to keep your \f(CW\*(C`client_secret\*(C'\fR secret \- if someone else gets it and
starts abusing it, Google reserves the right to block you.
.PP
This module only handles the authorization step, after which it is up to you
to figure out how to use whatever \s-1API\s0 you want to access.
.SH "CLIENT TYPES"
.IX Header "CLIENT TYPES"
Google offers many client types.  Here is the status of each one in this
module:
.IP "Login" 4
.IX Item "Login"
This is for applications that want to let Google manage their logins.  See
<https://developers.google.com/accounts/docs/OAuth2Login> for Google's
documentation.
.Sp
This is not yet supported, and would require the use of \s-1JSON\s0 Web Tokens to
support.
.IP "Web Server Application" 4
.IX Item "Web Server Application"
This is intended for applications running on web servers, with the user
sitting behind a browser interacting with you.  See
<https://developers.google.com/accounts/docs/OAuth2WebServer> for Google's
documentation.
.Sp
It can be specified in the constructor with:
.Sp
.Vb 1
\&    client_type => "web server",
.Ve
.Sp
however that is not necessary since it is also the assumed default if no
client_type is specified.
.Sp
After registering yourself as a client with Google, you will need to specify
the \f(CW\*(C`redirect_uri\*(C'\fR as an https \s-1URL\s0 under your control.  If you just need
this for one or two accounts there is no need to actually build anything at
that \s-1URL\s0 \- just go through the authorization as those accounts and grab your
\&\f(CW\*(C`code\*(C'\fR from the \s-1URL.\s0  If you will support many, making that \s-1URL\s0 useful is
your responsibility.
.Sp
With this client type you are not guaranteed a refresh token, so the
constructor does not require \f(CW\*(C`client_id\*(C'\fR and \f(CW\*(C`client_secret\*(C'\fR.  (Passing them
there is still likely to be convenient for you.) However there are several
optional arguments available to \f(CW\*(C`$oauth2\->authorization_url(...)\*(C'\fR that
are worth taking note of:
.RS 4
.ie n .IP """access_type""" 4
.el .IP "\f(CWaccess_type\fR" 4
.IX Item "access_type"
Pass \f(CW\*(C`access_type => "offline",\*(C'\fR to \f(CW\*(C`$oauth2\-\*(C'\fRrequest_tokens(...)> to
request offline access.  This means that you get a \f(CW\*(C`refresh_token\*(C'\fR which can
be used to refresh the access token without help from the user.  The intent
of this option is to support things like software that delays posting a blog
entry until a particular time.
.Sp
In light testing this did not work for me until I passed the next argument,
but then it worked perfectly.
.ie n .IP """approval_prompt""" 4
.el .IP "\f(CWapproval_prompt\fR" 4
.IX Item "approval_prompt"
Pass \f(CW\*(C`approval_prompt => "force",\*(C'\fR to \f(CW\*(C`$oauth2\-\*(C'\fRrequest_tokens(...)> to
force the user to see the approval screen.  The default behavior without this
is that the user sees the approval screen the first time through, and on
subsequent times just gets an immediate redirect.
.ie n .IP """login_hint""" 4
.el .IP "\f(CWlogin_hint\fR" 4
.IX Item "login_hint"
If you think you know who the user is, you can pass an email in this
parameter to let Google know which account you are trying to access.  Google
thinks this may be helpful if someone is logged into multiple accounts at
the same time.
.RE
.RS 4
.RE
.IP "Client-side Application" 4
.IX Item "Client-side Application"
This client type is only for JavaScript applications.  See
<https://developers.google.com/accounts/docs/OAuth2UserAgent> for Google's
documentation.
.Sp
This is not supported since Perl is not JavaScript.
.IP "Installed Application" 4
.IX Item "Installed Application"
This client type is for applications that run on the user's machine, which can
control a browser.  See
<https://developers.google.com/accounts/docs/OAuth2InstalledApp> for
Google's documentation.
.Sp
It can be specified in the constructor with:
.Sp
.Vb 1
\&    client_type => "installed",
.Ve
.Sp
On the first time it is the client's responsibility to open a browser and
send the user to \f(CW\*(C`$oauth2\-\*(C'\fRauthorization_url(...)>.  If you pass in
\&\f(CW\*(C`redirect_uri => "http://localhost:$port",\*(C'\fR then your application is
expected to be listening on that port.  If you instead pass in
\&\f(CW\*(C`redirect_uri => "urn:ietf:wg:oauth:2.0:oob",\*(C'\fR then the code you need
will be in the \f(CW\*(C`title\*(C'\fR inside of the page the browser is redirected to, and
you'll need to grab it from there.
.Sp
The returned tokens always give you a refresh token, so you only have to go
through this once per user.
.Sp
The only special authorization argument is \f(CW\*(C`login_hint\*(C'\fR, which means the
same thing that it does for webserver applications.
.IP "Devices" 4
.IX Item "Devices"
This client_type is for applications that run on the user's machine, which do
not control a browser.  See
<https://developers.google.com/accounts/docs/OAuth2ForDevices> for Google's
documentation.
.Sp
This client_type is not supported because I have not yet thought through how to
handle the required polling step of setting up permissions.
.IP "Service Account" 4
.IX Item "Service Account"
This client_type is for applications that login to the developer's account
using the developer's credentials.  See
<https://developers.google.com/accounts/docs/OAuth2ServiceAccount> for
Google's documentation.
.Sp
This is not yet supported, and would require the use of \s-1JSON\s0 Web Tokens to
support.
.SH "AUTHORS"
.IX Header "AUTHORS"
.IP "\(bu" 4
Ben Tilly, <btilly at gmail.com>
.IP "\(bu" 4
Thomas Klausner <domm@plix.at>
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
This software is copyright (c) 2013 \- 2022 by Ben Tilly, Rent.com, Thomas Klausner.
.PP
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.