Authenticating Google Client Library for a Django Application

Recently I was tasked with integrating Google Sheets with Django. It was necessary for a row to be added to a Google Sheet on completion of a user action. Having no experience with interacting with Google Sheets programmatically, a quick search found me the Google Sheets API V4 Python Quickstart Guide.

Remember: I needed to append a row a Google sheet on behalf of the application NOT the user.

OAuth

I followed the quickstart guide and was able to create a functioning application that was able to add a row to Google Sheets. However as I simply followed the Quickstart guide I only experienced the OAuth workflow. This meant I was required to sign in, in order to get my application to make changed to the Google Sheet. This was not viable in a production environment.

OAuth would only make sense if I was manipulating Google Sheets on a users behalf. It would be ok for a user to be shown a Google login page to complete and on completion their access token to be stored on the server for authentication to the API.

I haven’t provided any code examples for this because Google have already provided this here.

API Key

An API key is a simple encrypted string that identifies an application without any principal.Google – Using API Keys

This means that when your authenticating using an API Key, you are not identifying as a Google User or a Google Service Account. It can be seen as like a “god mode”. As there is no principal associated with the use the API Key there is no accountability for its use.

Here’s how you construct a resource for interacting with the Google API (Google Sheets) using an API Key:

service = build('sheets', 'v4', developerKey=YOUR-API-KEY-HERE)

Remember to not include your API Key in your code base by using environment variables.

Google Service Account

The solution I ended up going with was the use of a Google Service Account to make authorised API calls on behalf of my Django application. The benefit of using a service account is that much like a user account you can view the history of the service accounts changes. This level of accountability allows me to have different service accounts for different pieces of functionality making it easy for me to identify which part of my code interacted with Google’s API.

Creating a service account from within Google Cloud Platform

Once you’ve created a service account for your application you’ll be to then download a private key containing the configuration needed for your Django application to authenticate with Google.

Generating a private key for the service account

Once you have the JSON file you can then then finally use it to authenticate your application:

credentials = service_account.Credentials.from_service_account_file(
    '/path/to/your/key.json')

service = build('sheets', 'v4', credentials=credentials)

Remember: Don’t store the private key in your code base!

Now any interaction with the API will be done on behalf of the service account which can be held accountable.

F-Strings in Python

Python is a powerful and versatile programming language that is used for a variety of tasks. One of the most useful features of Python is its F-strings. F-strings are a type of string formatting that allows you to embed variables and expressions directly into a string. This makes it easier to create dynamic strings that can be used for a variety of purposes.

F-strings are much easier to use than the traditional string formatting methods. With traditional string formatting, you have to use the % operator to insert variables into a string. This can be difficult to read and understand, especially for beginners. F-strings make it much easier to read and understand the code.

F-strings also make it easier to debug your code. With traditional string formatting, it can be difficult to find the source of an error. With F-strings, you can easily see which variables are being used and where they are being used. This makes it much easier to find and fix errors.

F-strings also make it easier to write code that is more efficient. With traditional string formatting, you have to use multiple lines of code to insert variables into a string. With F-strings, you can do this in a single line of code. This makes your code more concise and easier to read.

Finally, F-strings are more secure than traditional string formatting. With traditional string formatting, you can easily introduce security vulnerabilities into your code. With F-strings, you can avoid these vulnerabilities by using the f-string syntax.

Here’s an example of how ugly my strings used to look:

name = "Nish"
adjective = "ugly"
print("My name is " + name + " and my code is " + adjective)

However late, I was then introduced to F-Strings, an elegant way to integrate variables into strings. Here’s how I’d do the same as before using F-Strings:

name = "Nish"
adjective = "beautiful"
print(f"My name is {name} and my code is {adjective}")

As you can see the code above is a lot more readable and I’m less likely to accidentally mess up the syntax of the string up as I would while messing with concatenations.

© 2024 Nish.io. Designed by Quema Labs.