Google services use different authentication tokens for different parts of their functionality, so, for example, Google Drive and Google Plus require two separate logins even for the same account. Additionally, Google services use OAuth for authentication and authorization, so a consent screen is shown even when the login and password are known (more information about that can be found in the Google API documentation). Nevertheless, OAuth Refresh Tokens can be extracted from Google Drive Sync client traffic (the client uses the HTTPS encrypted protocol, so the traffic is not easy to intercept without access to the client machine).
Google Drive consent screen
This authorization method uses user consent (as specified by the OAuth protocol) to obtain permission to download files and meta-information from Google Drive. On first use it opens the standard Google consent screen, where the user authenticates with Google (using the credentials of the account whose information and files are to be downloaded) and, if authentication is successful, grants the application rights to view files in Google Drive.
Google Drive Refresh Token
This option uses a Refresh Token extracted from the Google Drive Sync client to authorize BelkaImager. Refresh Tokens have a long lifespan (over 6 months), but can be revoked by the user, or by Google itself if too many Refresh Tokens are registered at the same time (25 tokens per account per client). More details on this are in the Google API docs.
To get a Refresh Token from the Google Drive Sync client, it is possible to use the Fiddler tool configured to decrypt HTTPS traffic (more info here; note that this requires installing a self-signed certificate on the client machine). Google Drive Sync must also be started with the “--unsafe_network” command-line option.
Here are detailed instructions on how to do this.
The Fiddler screen with an intercepted Google Drive Refresh Token looks as follows:
Note that the Refresh Token is used only in a request to “accounts.google.com/o/oauth2/token”; all subsequent requests use the Access Token that is returned by the request made with the Refresh Token (the Access Token is short-lived, so it cannot be used for authorization).
A Refresh Token can also be obtained via user consent if the login and password for the Google Account are known; in this case one can use the “Google Drive consent screen” authentication method. Note that a Refresh Token received this way is also long-lived and can be used later with the “Refresh Token” authorization method.
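The note above says which requests carry the long-lived Refresh Token and which carry only the short-lived Access Token. The following Python example is added here (it is not BelkaImager or Google code): it classifies requests from a decrypted capture accordingly and masks the secrets so the capture can be stored or shared safely. The function name, field list and sample requests are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Token endpoint as named on this page; all other names here are assumptions.
TOKEN_HOST, TOKEN_PATH = "accounts.google.com", "/o/oauth2/token"
SECRET_FIELDS = ("refresh_token", "client_secret")
MASK = "[REDACTED]"

# Constructed sample requests (not real traffic; all values are placeholders).
SAMPLE_REFRESH = (
    "POST /o/oauth2/token HTTP/1.1\r\nHost: accounts.google.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "grant_type=refresh_token&client_id=EXAMPLE_CLIENT"
    "&client_secret=EXAMPLE_SECRET&refresh_token=1%2FEXAMPLE_REFRESH_TOKEN"
)
SAMPLE_API = (
    "GET /drive/v2/files HTTP/1.1\r\nHost: www.googleapis.com\r\n"
    "Authorization: Bearer EXAMPLE_ACCESS_TOKEN\r\n\r\n"
)

def classify_request(raw):
    """Return (kind, redacted): kind is "refresh_token", "access_token" or "none"."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target = lines[0].split(" ")[:2]
    headers, bearer = {}, False
    for i in range(1, len(lines)):
        name, _, value = lines[i].partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = value
        if key == "authorization" and value.lower().startswith("bearer "):
            lines[i], bearer = f"{name}: Bearer {MASK}", True
    url = urlsplit(target)  # accepts origin-form and absolute-form targets
    host = (url.hostname or headers.get("host", "").split(":")[0]).lower()
    kind = "access_token" if bearer else "none"
    if method == "POST" and host == TOKEN_HOST and url.path == TOKEN_PATH:
        form = parse_qs(body)
        if form.get("grant_type") == ["refresh_token"] and form.get("refresh_token"):
            kind = "refresh_token"  # long-lived secret: handle as a credential
        # Mask the raw pairs so percent-encoded values are covered as well.
        pairs = [p.partition("=") for p in body.split("&")]
        body = "&".join(n + s + (MASK if n in SECRET_FIELDS and v else v)
                        for n, s, v in pairs)
    return kind, "\r\n".join(lines) + "\r\n\r\n" + body

if __name__ == "__main__":
    for sample in (SAMPLE_REFRESH, SAMPLE_API):
        kind, redacted = classify_request(sample)
        print(kind)
        print(redacted)
```

Any saved capture that yields a "refresh_token" result contains a credential valid for months and should be stored and shared only in its redacted form.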
Google Plus consent screen
It works the same way as the Google Drive consent screen, but uses a different application scope, so a separate authorization is required.
Google Plus Refresh Token
It works the same way as the Google Drive Refresh Token method, but uses a different Refresh Token, so tokens from Google Drive will not work for Google Plus authorization. There is no widespread Google Plus client, so the only way to get a Refresh Token is to use the “Google Plus consent screen” authentication method and save the token received after user consent.