How do I authorize a service account for Google Calendar API in Ruby?

Question

How do I authorize a service account for Google Calendar API in Ruby? I tried the quick start guide, but it crashed.

https://developers.google.com/calendar/quickstart/ruby#step_3_set_up_the_sample

quickstart.rb

require 'google/apis/calendar_v3'
require 'googleauth'
require 'googleauth/stores/file_token_store'
require 'fileutils'

OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'.freeze
APPLICATION_NAME = 'Google Calendar API Ruby Quickstart'.freeze
CLIENT_SECRETS_PATH = 'client_secrets.json'.freeze
CREDENTIALS_PATH = 'token.yaml'.freeze
SCOPE = Google::Apis::CalendarV3::AUTH_CALENDAR_READONLY

##
# Ensure valid credentials, either by restoring from the saved credentials
# files or intitiating an OAuth2 authorization. If authorization is required,
# the user's default browser will be launched to approve the request.
#
# @return [Google::Auth::UserRefreshCredentials] OAuth2 credentials
def authorize
  client_id = Google::Auth::ClientId.from_file(CLIENT_SECRETS_PATH) ### LINE 19
  token_store = Google::Auth::Stores::FileTokenStore.new(file: CREDENTIALS_PATH)
  authorizer = Google::Auth::UserAuthorizer.new(client_id, SCOPE, token_store)
  user_id = 'default'
  credentials = authorizer.get_credentials(user_id)
  if credentials.nil?
    url = authorizer.get_authorization_url(base_url: OOB_URI)
    puts 'Open the following URL in the browser and enter the ' \
         'resulting code after authorization:\n' + url
    code = gets
    credentials = authorizer.get_and_store_credentials_from_code(
      user_id: user_id, code: code, base_url: OOB_URI
    )
  end
  credentials
end

# Initialize the API
service = Google::Apis::CalendarV3::CalendarService.new
service.client_options.application_name = APPLICATION_NAME
service.authorization = authorize

# Fetch the next 10 events for the user
calendar_id = 'primary'
response = service.list_events(calendar_id,
                               max_results: 10,
                               single_events: true,
                               order_by: 'startTime',
                               time_min: Time.now.iso8601)
puts 'Upcoming events:'
puts 'No upcoming events found' if response.items.empty?
response.items.each do |event|
  start = event.start.date || event.start.date_time
  puts "- #{event.summary} (#{start})"
end

Console

>ruby quickstart.rb
C:/ruby23/lib/ruby/gems/2.3.0/gems/googleauth-0.6.2/lib/googleauth/client_id.rb:97:in `from_hash': Expected top level property 'installed' or 'web' to be present. (RuntimeError)
        from C:/ruby23/lib/ruby/gems/2.3.0/gems/googleauth-0.6.2/lib/googleauth/client_id.rb:83:in `block in from_file'
        from C:/ruby23/lib/ruby/gems/2.3.0/gems/googleauth-0.6.2/lib/googleauth/client_id.rb:80:in `open'
        from C:/ruby23/lib/ruby/gems/2.3.0/gems/googleauth-0.6.2/lib/googleauth/client_id.rb:80:in `from_file'
        from quickstart.rb:19:in `authorize'
        from quickstart.rb:39:in `<main>'

The (outdated) documentation for authorizing service accounts only has examples for Java and Python.

https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

Old similar question with 0 answers: Google Calendar API in Ruby using Service Account

Answer 1

OK I found a way.

https://developers.google.com/api-client-library/ruby/auth/service-accounts

require 'google/apis/calendar_v3'
require 'googleauth'

# Get the environment configured authorization
scopes =  ['https://www.googleapis.com/auth/calendar']
authorization = Google::Auth.get_application_default(scopes)

# Clone and set the subject
auth_client = authorization.dup
auth_client.sub = 'myemail@mydomain.com'
auth_client.fetch_access_token!

# Initialize the API
service = Google::Apis::CalendarV3::CalendarService.new
service.authorization = auth_client

# Fetch the next 10 events for the user
calendar_id = 'primary'
response = service.list_events(calendar_id,
                               max_results: 10,
                               single_events: true,
                               order_by: 'startTime',
                               time_min: Time.now.iso8601)
puts 'Upcoming events:'
puts 'No upcoming events found' if response.items.empty?
response.items.each do |event|
  start = event.start.date || event.start.date_time
  puts "- #{event.summary} (#{start})"
end

And

>set GOOGLE_APPLICATION_CREDENTIALS=client_secrets.json

C:\Users\Chloe\workspace>ruby quickstart.rb
Upcoming events:
- Test (2018-05-17)
- SSL Certificate for CMS (2019-02-13)

But I wonder where it saves the refresh token and access token? All I have to do now is make it work for ephemeral file systems like Heroku and store the tokens in the database.

Answer 2

For anyone still looking this is what worked for me:

require 'google/apis/calendar_v3'
require 'googleauth'

scope = 'https://www.googleapis.com/auth/calendar'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/creds.json'),
  scope: scope)

authorizer.fetch_access_token!

service = Google::Apis::CalendarV3::CalendarService.new
service.authorization = authorizer

calendar_id = 'primary'
response = service.list_events(calendar_id,
                               max_results: 10,
                               single_events: true,
                               order_by: 'startTime',
                               time_min: Time.now.iso8601)
puts 'Upcoming events:'
puts 'No upcoming events found' if response.items.empty?
response.items.each do |event|
  start = event.start.date || event.start.date_time
  puts "- #{event.summary} (#{start})"
end

The trick was finding the docs for the google-auth-library-ruby https://github.com/googleapis/google-auth-library-ruby