OAuth 2.0 Google Analytics on Your Desktop Using GeekTool Using Bash and cURL

Generate an OAuth 2.0 token and then use GeekTool to view your Google Analytics stats on your desktop!

Requirements For This Walkthrough

Materials

  1. Mac running OS X
  2. A Website being tracked by Google Analytics

Downloads

  1. GeekTool
  2. dailyVisitsFromGoogleAnlytics.glet (new version coming soon)

Resources

The first link has been the most helpful and was the resource that this article is based off.  You can read through all the dry Google documentation, but it is very difficult to figure out how to actually set up OAuth 2.0.  I also recommend the second link, which is helpful in finding out what metrics you might want to see in the script.

How-to Do This

Conceptual Overview

  1. Create a new API project
  2. Generate an OAuth 2.0 client ID
  3. Request a token (and refresh it)
  4. Create a script that will pull the information you want
  5. Paste the script into GeekTool

webflow

Create A New API Project

  1. Open the API Console
  2. Click Create Project
  3. Modify the project name if desired
  4. Click Create001projectmade

Enable the Analytics API

  1. Open the project
  2. Click Enable an API002enableanapi
  3. Turn on the Analytics API003turnonanalytics

Generate an OAuth 2.0 Client ID

  1. Click Create new Client ID004apicredentials
  2. Select Installed application005oauth2tokenclientid
  3. Click Create Client ID

Request A Token (And Refresh It)

Construct A URL To Gain An Authorization Code

  1. Construct a URL similar to the following (the example below is broken down by line for readability; the actual URL should be one long string)  The client ID is found at https://console.developers.google.com/project/apps~your-project-123 under APIs and auth > Credentials :005apicredentials
https://accounts.google.com/o/oauth2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics
&redirect_uri=YOUR_REDIRECT_URI_HERE
&response_type=code
&client_id=YOUR_CLIENT_ID_HERE

Here are the components of the URL broken down:

  • scope= is what you will see when access is requested in the Web browser.  Not inherently important in this example since you will be the only one doing it, but for simplicity, set it to request access to Google Analytics data.  Below are two screenshots of how the access request looks different depending on what you put here007access01 007access02
  • redirect_uri= is found under APIs and auth > Credentials in your project page
  • response_type= setting this to code  will indicate that Google OAuth 2.0 should return an authorization code, which will be used to gain an OAuth access token
  • client_id= also found under APIs and auth > Credentials

Copy An Authorization Code From A Browser

  1. Paste the URL that you just constructed in a Web browser and it will prompt for access
  2. Click Accept
  3. Copy the code (it will be pasted into the cURL  command below)

Paste Data Into A Text File For Easier Access

At this point, I recommend beginning a text document (or downloading the script I put together) because there is a lot of copying/pasting happening in the next section and it is easy to get confused as to where to find what key, ID, or access token.  As a side effect, you will essentially be writing your script as you go through this.  If you don’t want to do this, skip ahead to Request An Access Token Using The Authorization Code.

Create Variables To Store IDs and Tokens For Easy Copy/Paste

In my text file, I set up variables where I could paste all the information so it is easy to copy/paste.

textwrangerltemplate

So as you continue this walkthrough, paste the items in their respective areas.

Request An Access Token Using The Authorization Code

Form a  cURL  command by pasting in the authorization code, and the other unique information (Client ID and Client Secret).  If you copy and paste this, it will need to be run on one line–they are just separated by each component for readability on the site.

curl -H "Content-Type: application/x-www-form-urlencoded" \
-d code=YOUR_AUTHORIZATION_CODE_HERE
-d client_id=YOUR_CLIENT_ID_HERE
-d client_secret=YOUR_CLIENT_SECRET_HERE
-d redirect_uri=YOUR_REDIRECT_URI_HERE
-d grant_type=authorization_code https://accounts.google.com/o/oauth2/token

This will return a response in  .json  format similar to the following:

{
  "access_token" : "ya29.Y12345678901234567890-cg",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "1/yb_X_12345678901234567890"
}

Paste the access token from the output of the command into another cURL  command (you may also want to copy the refresh_token for use later:

curl 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=YOUR_ACCESS_TOKEN_HERE'

This will return something similar to:

{
 "issued_to": "1234567890-efgeetergshsrthdhd.apps.googleusercontent.com",
 "audience": "1234567890-efgeetergshsrthdhd.apps.googleusercontent.com",
 "scope": "https://www.googleapis.com/auth/analytics",
 "expires_in": 3356,
 "access_type": "offline"
}

The token is good for one hour, so refreshing the token is explained later.

Use the OAuth Token To Query Google Analytics

Finally, you can query Google Analytics for some data.  In the example below, I query the number of visits in the past day (again, put this on a single line when you run it):

curl -s 'https://www.googleapis.com/analytics/v3/data/ga?ids=ga:YOUR_GOOGLE_ANALYTICS_PROFILE_ID_HERE
&metrics=ga:visits&
start-date=2015-02-05
&end-date=2015-02-05
&access_token=YOUR_ACCESS_TOKEN_HERE'

This will return a bunch of hard-to-read information all on one line.  In the next section, I will show you how to parse out the information you want, which will then be used in the geeklet.

Having Trouble Finding Your Profile ID (I Did, Too)

Dissecting The URL For Information

I had trouble finding the profile ID (table ID) and other information.  It turns out it is just built into the URL of a Analytics Dashboard.  See the screen shot below:

analyticsurlhelp

Create A Script

If you have been copying/pasting into the template I provided, your script is almost done!  But I will walk through what is happening in the script.

Parse Out Only Useful Information

The messy output from the command above needs to be cleaned up a bit before it becomes useful.  Pipe the output of the command through tr  and convert the commas into newlines.

curl command above | tr , '\n'

From there, you can grep out the items you need much easier.  For example, in the script, I just want to get the number of visits.  So in classic UNIX-style, I just continue sending the output through pipe until I get what I want:

curl command from above | tr , '\n' | grep "totalsForAllResults" | cut -d'"' -f6

The above returns just the amount of visits, which is perfect for the script.

Refresh The Token

Since the geeklet will continually be running, it will be useful to refresh the token so manual intervention won’t be needed to keep the script running.

Use the refresh token, which was generated earlier.

curl -d "client_id=YOUR_CLIENT_ID_HERE
&client_secret=YOUR_CLIENT_SECRET_HERE
&refresh_token=YOUR_REFRESH_TOKEN_HERE
&grant_type=refresh_token" https://accounts.google.com/o/oauth2/token

Create A Geeklet

A trimmed down script is below, but the fully-commented one is on Github.  Now for the fun part: turning your scripted Google Analytics into useful information that displays on your desktop!

Final Product

analyticsdailyvisits

The Geeklet isn’t perfect, but it was fun to learn how to use OAuth 2.0 and hopefully you will find it useful.  If you have other ideas, let me know in the comments or on Github.

 

 

10 Replies to “OAuth 2.0 Google Analytics on Your Desktop Using GeekTool Using Bash and cURL”

  1. Thanks for this tutorial, very helpful… I got it to working but I think the refresh token curl is not doing it’s thing, or maybe I messed up somewhere because after an hour or so it stops working. Then I keep having to manually ‘Request An Access Token Using The Authorization Code’ and then update the token in your shell script to get it to work, any ideas?

    1. If your refresh rate is set for too long, the token will expire and you will have to manually request a new one. Just make sure your refresh rate on your geeklet is less than the expiration of the token.

      1. I have the same problem. From what I’ve noticed the refresh token actually generates a new access token, so without setting the new access token to the variable once the hour is up on that initial token you have to go through the process of generating the code again.

        EDIT: The script runs every 15 seconds (well under that 3600 threshold). I modified to show realtime visitors which is why I refresh frequently.

        1. Interesting. It’s been a while since I have done this, so maybe something is different. I thought for sure I was able to do it by refreshing before the time limit is reached, but I could be wrong. I’ll have to take a look at this and refresh myself.

          1. I’ll be digging into it more as well. My idea at the moment is to sort of setup a process that will generate the code, perhaps when I login to the computer. Then generate the access_token/refresh_token to save in a config file. The geeklet script can be modified to use the config file and another script can run as a cron to keep the file updated. Not perfect, but I think that’d let me run it throughout my session with minimal effort. There is definitely some good info here though, thanks for putting this together!

          2. I believe I got it working. I used this as a reference:
            http://stackoverflow.com/questions/18244110/use-bash-curl-with-oauth-to-return-google-apps-user-account-date

            I renamed the 2 token variables to match the ones that are created in the cache file and am including the file within your script. Then I just modified the Refresh OAuth portion of your script to use the code from stack overflow. So everytime the script runs it will determine if a new token needs to be generated or not and won’t generate if they do not need to be.

            If I ever need to obtain a new code I can manually execute the stack overflow script and paste the code in to generate a new token.

            From what I can tell this was able to generate new tokens for me even overnight without having to authorize on the google account and obtain a new code.

          3. Could you share your script? I’m re-working mine but would love to see what you have done.

          4. Step 1: Create Bash script. You’ll run this script after filling in the client_id/secret/redirect uri. In my environment this script lives in ~/oauth.txt. Sorry I’m weird I like to give my executable scripts .txt extensions.

            Code for the script here:
            http://pastebin.com/a73jUyEb

            One particular note: I had to install the gnu version of grep, so the “ggrep” may be need to be called as specific for your system.

            It will provide you with the google url to generate your code. You’ll paste that into the browser and the copy/paste the code back into the script.

            All of the variables are now written to ~/oauth_cache.txt for use within your script.

            Here is a reworked version of your script:
            http://pastebin.com/wDf1UVyj

            Note lines 26 and 56. So line 56 will run every geektool interval but the script itself will only generate a new token for use every hour. All variables would be loaded into the script on line 26. So far ever since these changes I have not needed to manually generate a code.

  2. Nice article, helped me a lot!

    Profile ID can be found on the Analytics page
    Admin -> View -> View Settings
    and then under “View ID”

Leave a Reply