I would like to build an application that manages appointments in Google calendar on behalf of my users when they are not logged in.
The application would be a booking service, subscribing users (our service providers) would book out the times they are not available, and customers would see a free/busy representation of the service provider's google calendar
The application would need the ability to create, delete, and read appointments.
I have gone to the Google Developer's Console and have working code that pops up the Google Permissions screen, then redirects to a Url that successfully creates a new appointment.
I can access other calendar's but only if they are are logged into Google services at that time.
$client = new \Google_Client();
$client->addScope('https://www.googleapis.com/auth/calendar');
$service = new \Google_Service_Calendar($client);
$authUrl = $client->createAuthUrl();
This works okay if the user is managing their own Calendar. However, I want to manage appointments on their behalf. This would include others parties entering appointments into the calendar - i.e. when the calendar is not logged in.
What I need is an enduring authority for application to gain enduring access to my user's calendar?
Does anyone know if this possible? Thoughts as to how I could approach the problem would be appreciated.
OAuth 2.0 service accounts are the proper method for accessing user accounts:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
You need to grant the service account client id access to the necessary Calendar API scopes:
https://developers.google.com/drive/web/delegation#delegate_domain-wide_authority_to_your_service_account
Then your service account can impersonate your users and perform calendar operations on their behalf:
https://developers.google.com/drive/web/delegation#instantiate_a_drive_service_object
These docs describe Google Drive but the process for Calendar is identical.