Using 2-legged OAuth 1.0 (2LO) with Google Tasks API for Google Apps Domain Admins

Google Tasks API was launched in May this year, Google Apps Developer blog today shared the steps to help Google Apps domain administrators to help using the API with 2-legged OAuth 1.0 (2LO) for authorization.The process for using 2LO with the Tasks API is slightly different compared to using it for the Google Calendar API […]

Google Tasks API was launched in May this year, Google Apps Developer blog today shared the steps to help Google Apps domain administrators to help using the API with 2-legged OAuth 1.0 (2LO) for authorization.

The process for using 2LO with the Tasks API is slightly different compared to using it for the Google Calendar API or the Google Contacts APIs, which makes it a little tricky if you're already accustomed to working with those.

Note: 2-legged OAuth via the method described in this post and referenced documentation is available for Google Apps for Business and Google Apps for Education administrators, but is not available for administrators of the Free edition.

The Tasks API needs to know which APIs Console project is sending requests to the API, specify the API Key of your project within each request to the Tasks API:

e.g.: https://www.googleapis.com/tasks/v1/users/username/lists?key=<API_KEY>

Enabling the Tasks API for your domain OAuth key and secret
"Also, before your API requests will be successful, you'll need to change a few things in your OAuth Consumer Key and Secret configuration. In the Manage OAuth domain key page available in Google Apps Control Panel (under advanced tools), you'll need to make sure that the option Enable this consumer key is checked and the option saying Allow access to all APIs is unchecked. This may sound counterintuitive, but this option will give you access to a specific set of APIs and is necessary to access the Tasks API," explained Nicolas Garnier.

Setting up the domain OAuth consumer key and secret
"Then you'll need to specify which APIs you want your domain OAuth key and secret to have access to. You'll be able to do this in the Manage third party OAuth Client access page where you'll need to list manually all the scopes that your domain key will have access to," added Garnier. For e.g. for your token to have access to Calendar API and Tasks API use:
e.g.: https://www.google.com/calendar/feeds/, https://www.googleapis.com/auth/tasks

For a more detailed and step-by-step explanation with code samples on how to use 2LO, refer this newly published article: Using 2-Legged OAuth with Google Tasks API for Google Apps domain administrators:

You can also refer our earlier post, Getting Started with the Tasks API on Google App Engine: Tutorial.

[Source: Google Apps Developer Blog]