Generate an OAuth 2.0 token and then use GeekTool to view your Google Analytics stats on your desktop!
Requirements For This Walkthrough
Materials
- Mac running OS X
- A Website being tracked by Google Analytics
Downloads
- GeekTool
dailyVisitsFromGoogleAnlytics.glet(new version coming soon)
Resources
The first link has been the most helpful and was the resource that this article is based off. You can read through all the dry Google documentation, but it is very difficult to figure out how to actually set up OAuth 2.0. I also recommend the second link, which is helpful in finding out what metrics you might want to see in the script.
- http://www.visualab.org/index.php/using-google-rest-api-for-analytics
- https://ga-dev-tools.appspot.com/explorer
- https://developers.google.com/analytics/solutions/articles/hello-analytics-api
- https://developers.google.com/gdata/articles/oauth
- http://michal.karzynski.pl/blog/2010/10/28/check-google-analytics-unique-visitors-python/
- http://mihasya.com/blog/google-data-api-with-oauth-using-the-gdata-python-client/
- http://stackoverflow.com/questions/18244110/use-bash-curl-with-oauth-to-return-google-apps-user-account-date
- https://developers.google.com/analytics/devguides/reporting/realtime/dimsmets/
How-to Do This
Conceptual Overview
- Create a new API project
- Generate an OAuth 2.0 client ID
- Request a token (and refresh it)
- Create a script that will pull the information you want
- Paste the script into GeekTool
Create A New API Project
- Open the API Console
- Click Create Project
- Modify the project name if desired
- Click Create
Enable the Analytics API
Generate an OAuth 2.0 Client ID
Request A Token (And Refresh It)
Construct A URL To Gain An Authorization Code
- Construct a URL similar to the following (the example below is broken down by line for readability; the actual URL should be one long string) The client ID is found at https://console.developers.google.com/project/apps~your-project-123 under APIs and auth > Credentials :
https://accounts.google.com/o/oauth2/auth? scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics &redirect_uri=YOUR_REDIRECT_URI_HERE &response_type=code &client_id=YOUR_CLIENT_ID_HERE
Here are the components of the URL broken down:
- scope= is what you will see when access is requested in the Web browser. Not inherently important in this example since you will be the only one doing it, but for simplicity, set it to request access to Google Analytics data. Below are two screenshots of how the access request looks different depending on what you put here
- redirect_uri= is found under APIs and auth > Credentials in your project page
- response_type= setting this to code will indicate that Google OAuth 2.0 should return an authorization code, which will be used to gain an OAuth access token
- client_id= also found under APIs and auth > Credentials
Copy An Authorization Code From A Browser
- Paste the URL that you just constructed in a Web browser and it will prompt for access
- Click Accept
- Copy the code (it will be pasted into the cURL command below)
Paste Data Into A Text File For Easier Access
At this point, I recommend beginning a text document (or downloading the script I put together) because there is a lot of copying/pasting happening in the next section and it is easy to get confused as to where to find what key, ID, or access token. As a side effect, you will essentially be writing your script as you go through this. If you don’t want to do this, skip ahead to Request An Access Token Using The Authorization Code.
Create Variables To Store IDs and Tokens For Easy Copy/Paste
In my text file, I set up variables where I could paste all the information so it is easy to copy/paste.
So as you continue this walkthrough, paste the items in their respective areas.
Request An Access Token Using The Authorization Code
Form a cURL command by pasting in the authorization code, and the other unique information (Client ID and Client Secret). If you copy and paste this, it will need to be run on one line–they are just separated by each component for readability on the site.
curl -H "Content-Type: application/x-www-form-urlencoded" \ -d code=YOUR_AUTHORIZATION_CODE_HERE -d client_id=YOUR_CLIENT_ID_HERE -d client_secret=YOUR_CLIENT_SECRET_HERE -d redirect_uri=YOUR_REDIRECT_URI_HERE -d grant_type=authorization_code https://accounts.google.com/o/oauth2/token
This will return a response in .json format similar to the following:
{ "access_token" : "ya29.Y12345678901234567890-cg", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "1/yb_X_12345678901234567890" }
Paste the access token from the output of the command into another cURL command (you may also want to copy the refresh_token for use later:
curl 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=YOUR_ACCESS_TOKEN_HERE'
This will return something similar to:
{ "issued_to": "1234567890-efgeetergshsrthdhd.apps.googleusercontent.com", "audience": "1234567890-efgeetergshsrthdhd.apps.googleusercontent.com", "scope": "https://www.googleapis.com/auth/analytics", "expires_in": 3356, "access_type": "offline" }
The token is good for one hour, so refreshing the token is explained later.
Use the OAuth Token To Query Google Analytics
Finally, you can query Google Analytics for some data. In the example below, I query the number of visits in the past day (again, put this on a single line when you run it):
curl -s 'https://www.googleapis.com/analytics/v3/data/ga?ids=ga:YOUR_GOOGLE_ANALYTICS_PROFILE_ID_HERE &metrics=ga:visits& start-date=2015-02-05 &end-date=2015-02-05 &access_token=YOUR_ACCESS_TOKEN_HERE'
This will return a bunch of hard-to-read information all on one line. In the next section, I will show you how to parse out the information you want, which will then be used in the geeklet.
Having Trouble Finding Your Profile ID (I Did, Too)
Dissecting The URL For Information
I had trouble finding the profile ID (table ID) and other information. It turns out it is just built into the URL of a Analytics Dashboard. See the screen shot below:
Create A Script
If you have been copying/pasting into the template I provided, your script is almost done! But I will walk through what is happening in the script.
Parse Out Only Useful Information
The messy output from the command above needs to be cleaned up a bit before it becomes useful. Pipe the output of the command through tr and convert the commas into newlines.
curl command above | tr , '\n'
From there, you can grep out the items you need much easier. For example, in the script, I just want to get the number of visits. So in classic UNIX-style, I just continue sending the output through pipe until I get what I want:
curl command from above | tr , '\n' | grep "totalsForAllResults" | cut -d'"' -f6
The above returns just the amount of visits, which is perfect for the script.
Refresh The Token
Since the geeklet will continually be running, it will be useful to refresh the token so manual intervention won’t be needed to keep the script running.
Use the refresh token, which was generated earlier.
curl -d "client_id=YOUR_CLIENT_ID_HERE &client_secret=YOUR_CLIENT_SECRET_HERE &refresh_token=YOUR_REFRESH_TOKEN_HERE &grant_type=refresh_token" https://accounts.google.com/o/oauth2/token
Create A Geeklet
A trimmed down script is below, but the fully-commented one is on Github. Now for the fun part: turning your scripted Google Analytics into useful information that displays on your desktop!
Final Product
The Geeklet isn’t perfect, but it was fun to learn how to use OAuth 2.0 and hopefully you will find it useful. If you have other ideas, let me know in the comments or on Github.
Thanks for this tutorial, very helpful… I got it to working but I think the refresh token curl is not doing it’s thing, or maybe I messed up somewhere because after an hour or so it stops working. Then I keep having to manually ‘Request An Access Token Using The Authorization Code’ and then update the token in your shell script to get it to work, any ideas?
If your refresh rate is set for too long, the token will expire and you will have to manually request a new one. Just make sure your refresh rate on your geeklet is less than the expiration of the token.
I have the same problem. From what I’ve noticed the refresh token actually generates a new access token, so without setting the new access token to the variable once the hour is up on that initial token you have to go through the process of generating the code again.
EDIT: The script runs every 15 seconds (well under that 3600 threshold). I modified to show realtime visitors which is why I refresh frequently.
Interesting. It’s been a while since I have done this, so maybe something is different. I thought for sure I was able to do it by refreshing before the time limit is reached, but I could be wrong. I’ll have to take a look at this and refresh myself.
I’ll be digging into it more as well. My idea at the moment is to sort of setup a process that will generate the code, perhaps when I login to the computer. Then generate the access_token/refresh_token to save in a config file. The geeklet script can be modified to use the config file and another script can run as a cron to keep the file updated. Not perfect, but I think that’d let me run it throughout my session with minimal effort. There is definitely some good info here though, thanks for putting this together!
I believe I got it working. I used this as a reference:
http://stackoverflow.com/questions/18244110/use-bash-curl-with-oauth-to-return-google-apps-user-account-date
I renamed the 2 token variables to match the ones that are created in the cache file and am including the file within your script. Then I just modified the Refresh OAuth portion of your script to use the code from stack overflow. So everytime the script runs it will determine if a new token needs to be generated or not and won’t generate if they do not need to be.
If I ever need to obtain a new code I can manually execute the stack overflow script and paste the code in to generate a new token.
From what I can tell this was able to generate new tokens for me even overnight without having to authorize on the google account and obtain a new code.
Could you share your entire script with me? I would like to update this article with a working version.
Could you share your script? I’m re-working mine but would love to see what you have done.
Step 1: Create Bash script. You’ll run this script after filling in the client_id/secret/redirect uri. In my environment this script lives in ~/oauth.txt. Sorry I’m weird I like to give my executable scripts .txt extensions.
Code for the script here:
http://pastebin.com/a73jUyEb
One particular note: I had to install the gnu version of grep, so the “ggrep” may be need to be called as specific for your system.
It will provide you with the google url to generate your code. You’ll paste that into the browser and the copy/paste the code back into the script.
All of the variables are now written to ~/oauth_cache.txt for use within your script.
Here is a reworked version of your script:
http://pastebin.com/wDf1UVyj
Note lines 26 and 56. So line 56 will run every geektool interval but the script itself will only generate a new token for use every hour. All variables would be loaded into the script on line 26. So far ever since these changes I have not needed to manually generate a code.
Nice article, helped me a lot!
Profile ID can be found on the Analytics page
Admin -> View -> View Settings
and then under “View ID”