Home/ Questions/Q 8551157
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T14:07:59+00:00

I’m trying to use OAuth2 for Server to Server Applications in conjunction with Google’s

  • 0

I’m trying to use OAuth2 for Server to Server Applications in conjunction with Google’s Content API for Shopping using the google-api-client gem and Ruby on Rails 3.2.5. Also, I have already set up my merchant account as prescribed in the Content API documentation.

This was the best way I found to be able to:

  • create/update products in the background
  • have created products fall under my company’s Google Products ‘umbrella’
  • not require every user to authenticate/authorize when their token expires

Using lines 1 – 23 from this sample as a starting point, I’ve begun to write the following module for use in background jobs:

require 'httparty'
require 'google/api_client'

module GoogleProducts
  GOOGLE_CONFIG = YAML.load_file(File.join(Rails.root, "config", "google.yml"))[Rails.env]

  CLIENT_ID = "XXXXXXXXXXXX@developer.gserviceaccount.com"
  MERCHANT_ID = "XXXXXXX"
  SCOPE = "https://www.googleapis.com/auth/structuredcontent"

  KEY_FILE_PATH = File.join(Rails.root, "config", "my-privatekey.p12")
  KEY_FILE_PASS = "XXXXXXXXXX"

  def self.add_item(item_id)
    self.fetch_token
    xml = self.gen_item_xml(item_id)
    headers = {"Content-type" => "application/atom+xml", "Content-Length" => xml.length.to_s}
    url = "https://content.googleapis.com/content/v1/#{MERCHANT_ID}/items/products/generic?access_token=#{$gp_token}"

    response = HTTParty.post(url, :body => xml, :headers => headers).parsed_response
  end

  def self.gen_item_xml(item_id)
    #building product xml
  end

  private
  def self.fetch_token
    api_client = Google::APIClient.new(:authorization => :oauth2)
    key = Google::APIClient::PKCS12.load_key(KEY_FILE_PATH, KEY_FILE_PASS)
    asserter = Google::APIClient::JWTAsserter.new(CLIENT_ID, SCOPE, key)

    begin
      api_client.authorization = asserter.authorize

      #todo - store in something other than a global
      $gp_token = api_client.authorization.access_token
    rescue Signet::AuthorizationError => e
      puts e.message
    ensure
      return $gp_token
    end
  end
end

Everything seemingly works fine – the authentication, the handling of the auth token – until I attempt to actually add an item, which I get the following when I do:

<errors xmlns='http://schemas.google.com/g/2005'>
  <error>
    <domain>GData</domain>
    <code>ServiceForbiddenException</code>
    <internalReason>Could not find authenticated customer</internalReason>
  </error>
</errors>

Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After much anguish and mental toil, I’ve finally solved my issue!

    Since I am using OAuth 2 Server to Server authentication the suggestion hjblok gave didn’t apply (thanks for giving it a shot, though!).

    I simply added the email address that was associated with my Service Account key from the Google API Console (e.g. XXXXXXXXXXXX@developer.gserviceaccount.com) to my Google Merchant account (Settings > Users on the merchant admin page), and it worked.

    If there’s any clarification needed, please feel free to comment!

    • 0