Author PhotoBy Nicolas Garnier, Developer Relations

Last November, we launched the OAuth 2.0 Playground, a tool enabling you to easily experiment with the OAuth 2.0 protocol and APIs that use the protocol.

screen shot
The OAuth 2.0 Playground

Since then, we've continued adding new features to improve the developer experience and increase the versatility of the tool.

Below is a list of features that we added since the initial release of the OAuth 2.0 playground.


Support for the OAuth 2.0 Client-side flow

You can now use the playground to experiment with the OAuth 2.0 Client-side flow by simply changing a setting in the OAuth 2.0 configuration dialog. Once set, every subsequent authorization request is performed using the client-side flow, and the playground’s interface and logic adapt accordingly.

screen shot
Setting the OAuth flow type


Support for newer OAuth 2.0 drafts

We have added a setting to change the location of the access token in authorized requests to the APIs. We added support for the authorization header with a Bearer prefix and the access_token URL parameter locations. This makes the playground compatible with most APIs supporting OAuth 2.0 drafts 10 to 25.

screen shot
Setting the access token location


Display available API operations

You can now easily display all the operations that are available using your current access token. After clicking the Find available Request URIs button, the operations along with their associated HTTP Methods and URIs are displayed on the right-hand side. This should help you quickly set up your request to the Google APIs without needing to search through the online documentation.

screen shot
Displaying the available endpoints after being authorized for the Google+ API


Note: the technique used to find the list of operations available given an access token is described in this blog post.


Support for the access_type and the approval_prompt parameters

The playground now also lets you try the new Google-specific settings of the OAuth 2.0 flow: the access_type and the approval_prompt parameters of the authorization request.

screen shot
Setting the access type and whether or not to force the approval prompt


Automatically refresh access tokens

If a refresh token is available, you can enable a feature that will automatically refresh the access token shortly before it expires. This is convenient if you are using the playground for a long time or if you are re-initializing the playground using the deep-link feature.

screen shot
Enabling the access token auto-refresh feature


Selectable links in responses

Clicking any links in an HTTP response will populate the request URI field so that you can quickly and conveniently set up the playground for the next operation.

screen shot
Clicking a link populates the Request URI field


If you have any feedback or would like to get in touch with us, please don’t hesitate to post on the OAuth 2.0 Playground forum.


Nicolas Garnier joined Google Developer Relations in 2008 and lives in Zurich. He is a Developer Advocate focusing on Google Apps and Web APIs. Before joining Google, Nicolas worked at Airbus and at the French Space Agency where he built web applications for scientific researchers.

Posted by Scott Knaster, Editor