OAuth 2.0 Playground: new features
By Nicolas Garnier,
Developer Relations
Last November,
we
launched the
OAuth 2.0
Playground, a tool enabling you to easily experiment with the OAuth 2.0 protocol and
APIs that use the protocol.
 |
| The OAuth 2.0 Playground |
Since then, we've continued adding new features to improve the developer experience and
increase the versatility of the tool.
Below is a list of features that we added since the initial release of the OAuth 2.0
playground.
Support for the OAuth 2.0 Client-side flow
You can now use the playground to experiment with the OAuth 2.0
Client-side
flow by simply changing a setting in the OAuth 2.0 configuration dialog. Once set, every
subsequent authorization request is performed using the client-side flow, and the playground’s
interface and logic adapt accordingly.
 |
| Setting the OAuth flow type |
Support for newer OAuth 2.0 drafts
We have added a setting to change the location of the access token in authorized requests to
the APIs. We added support for the authorization header with a
Bearer
prefix and the
access_token URL parameter locations. This makes the
playground compatible with most APIs supporting OAuth 2.0 drafts
10 to
25.
 |
| Setting the access token location |
Display available API operations
You can now easily display all the operations that are available using your current access
token. After clicking the
Find available Request URIs button, the
operations along with their associated HTTP Methods and URIs are displayed on the right-hand
side. This should help you quickly set up your request to the Google APIs without needing to
search through the online documentation.
 |
| Displaying the available endpoints after being authorized for the Google+
API |
Note: the technique used to find the list of operations available given an access token is
described
in
this blog post.
Support for the access_type and the
approval_prompt parameters
The playground now also lets you try the new Google-specific settings of the OAuth 2.0 flow:
the
access_type and the
approval_prompt
parameters of the authorization request.
 |
| Setting the access type and whether or not to force the approval
prompt |
Automatically refresh access tokens
If a refresh token is available, you can enable a feature that will automatically refresh the
access token shortly before it expires. This is convenient if you are using the playground for
a long time or if you are re-initializing the playground using the deep-link feature.
 |
| Enabling the access token auto-refresh feature |
Selectable links in responses
Clicking any links in an HTTP response will populate the request URI field so that you can
quickly and conveniently set up the playground for the next operation.
 |
| Clicking a link populates the Request URI field |
If you have any feedback or would like to get in touch with us, please don’t hesitate to post
on the
OAuth
2.0 Playground forum.
Nicolas
Garnier joined Google Developer Relations in 2008 and lives in Zurich. He is a
Developer Advocate focusing on Google Apps and Web APIs. Before joining Google, Nicolas worked
at Airbus and at the French Space Agency where he built web applications for scientific
researchers.
Posted by Scott Knaster,
Editor
