Google PlayGamesAPI: How to validate ServerAuthCode in C#

I have developed an Android game which successfully gets a ServerAuthCode from the Google Play API. I want to send this ServerAuthCode to my custom game server, which I have written in C#, and validate it to authenticate the player.

There is documentation by Google available for Java (part "Exchange the server auth code for an access token on the server"): https://developers.google.com/games/services/android/offline-access Unfortunately I cannot adapt this for C#.

I have the client_secret.json which seems to include all API authentication data and I have the ServerAuthCode (which seems to be a token).

There is also a NuGet package available for C#, but it does not contain all the classes from the above documentation: https://www.nuget.org/packages/Google.Apis.AndroidPublisher.v3/

How can I validate the token? I would also welcome a simple Postman example.

hapablap asked Oct 19 '25 06:10


1 Answer

I figured it out by trial and error. One important thing to note is that the Server Auth Code expires fast. If you are debugging and copying and pasting by hand, the Server Auth Code may already have expired by the time you run the code. In this case, the Google API returns "invalid_grant" as the error, which for me was misleading.

In my example solution you need to have a file "client_secret.json" in your project, which is copied on build to the output directory (file properties -> "Build Action" = "Content", "Copy to Output Directory" = "Copy always").

You get your client_secret.json file from the Google API console (https://console.developers.google.com/apis/credentials?project=, click on the download icon on the right side of your project, under "OAuth 2.0-Client-IDs").

Important: The redirect url must match the redirect url configured in your project. For me, it was just empty, so just use an empty string.

using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Requests;
using System;
using System.IO;
using System.Reflection;

namespace GoogleApiTest
{
    // Source: https://developers.google.com/identity/sign-in/android/offline-access
    class Program
    {
        static void Main(string[] args)
        {
            // The server auth code expires fast, so use a freshly issued one.
            var authCode = "YOUR_FRESH_SERVER_AUTH_CODE";

            // client_secret.json is copied to the output directory on build.
            var path = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), @"client_secret.json");

            // Load the client ID and secret, and close the file handle afterwards.
            GoogleClientSecrets clientSecrets;
            using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
            {
                clientSecrets = GoogleClientSecrets.Load(stream);
            }

            var request = new AuthorizationCodeTokenRequest()
            {
                ClientId = clientSecrets.Secrets.ClientId,
                ClientSecret = clientSecrets.Secrets.ClientSecret,
                // Must match the redirect URL configured in the project (empty here).
                RedirectUri = "",
                Code = authCode,
                GrantType = "authorization_code"
            };

            // Exchange the server auth code for tokens; an expired code is answered with "invalid_grant".
            var tokenResponse = request.ExecuteAsync(new System.Net.Http.HttpClient(), "https://www.googleapis.com/oauth2/v4/token", new System.Threading.CancellationToken(), Google.Apis.Util.SystemClock.Default).GetAwaiter().GetResult();

            Console.ReadLine();
        }
    }
}
hapablap answered Oct 20 '25 21:10
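
The same exchange at the HTTP level, which is also what a Postman request would carry (a POST with an x-www-form-urlencoded body), with the "invalid_grant" case handled explicitly. This is an added example, not the answer author's code; the class name, method names and environment variable names are hypothetical, and it assumes System.Text.Json is available and that the endpoint answers with a JSON body.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// Added example; ServerAuthCodeExchange and ExchangeAsync are hypothetical names.
static class ServerAuthCodeExchange
{
    // Token endpoint used in the answer above.
    const string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
    static readonly HttpClient Http = new HttpClient();

    // Returns the access token, or null when Google rejects the code.
    public static async Task<string> ExchangeAsync(string authCode, string clientId, string clientSecret)
    {
        // In Postman, the same keys go into an x-www-form-urlencoded POST body.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = authCode,
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["redirect_uri"] = ""   // must match the project's configured value (empty in the answer)
        });
        using (var response = await Http.PostAsync(TokenEndpoint, form))
        {
            var body = await response.Content.ReadAsStringAsync();
            using (var json = JsonDocument.Parse(body))
            {
                if (!response.IsSuccessStatusCode)
                {
                    // Log only the OAuth error code, never the auth code or the client secret.
                    var error = json.RootElement.TryGetProperty("error", out var e) ? e.GetString() : "unknown";
                    Console.Error.WriteLine(error == "invalid_grant"
                        ? "invalid_grant: code expired or not accepted; request a fresh one from the client"
                        : "token exchange failed: " + error);
                    return null;
                }
                return json.RootElement.GetProperty("access_token").GetString();
            }
        }
    }

    static async Task Main()
    {
        // The code is read from stdin so it does not appear in the process arguments.
        var token = await ExchangeAsync(Console.ReadLine(), Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID"), Environment.GetEnvironmentVariable("GOOGLE_CLIENT_SECRET"));
        Console.WriteLine(token != null ? "exchange succeeded" : "exchange rejected");
    }
}
```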