This guide shows how to allow a teacher to log into your app with Google OAuth, and then use their token to fetch student rosters from Google Classroom.
Google Cloud Setup
- Go to Google Cloud Console.
- Create a new project.
- Enable the Classroom API under APIs & Services → Library.
- Configure the OAuth Consent Screen:
- Choose External.
- Fill in app details.
- Add scopes:
https://www.googleapis.com/auth/classroom.courses.readonlyhttps://www.googleapis.com/auth/classroom.rosters.readonly
- Add test users.
- Create OAuth Client ID:
- Go to APIs & Services → Credentials → Create Credentials → OAuth client ID.
- Choose Web Application.
- Add redirect URIs (e.g.,
http://localhost:3000/oauth2callback,https://myapp.com/oauth2callback). - Save Client ID and Client Secret.
OAuth 2.0 Flow
Step 1: Redirect Teacher to Google Login
https://accounts.google.com/o/oauth2/v2/auth?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=https://www.googleapis.com/auth/classroom.courses.readonly https://www.googleapis.com/auth/classroom.rosters.readonly&
access_type=offline&
prompt=consent
-
access_type=offline→ gives refresh tokens. -
prompt=consent→ forces consent screen.
Step 2: Teacher Grants Access
Google redirects to:
https://your-app.com/oauth2callback?code=AUTH_CODE
Step 3: Exchange Code for Tokens
POST https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
code=AUTH_CODE
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&redirect_uri=YOUR_REDIRECT_URI
&grant_type=authorization_code
Example response:
{
"access_token": "ya29.a0AfH6SMA...",
"expires_in": 3599,
"refresh_token": "1//0gAbCdEfGhIjKlMn...",
"scope": "https://www.googleapis.com/auth/classroom.courses.readonly https://www.googleapis.com/auth/classroom.rosters.readonly",
"token_type": "Bearer"
}
Step 4: Use Access Token
Add header:
Authorization: Bearer ACCESS_TOKEN
Classroom API Calls
Get Teacher’s Courses
GET https://classroom.googleapis.com/v1/courses
Authorization: Bearer ACCESS_TOKEN
Example:
{
"courses": [
{
"id": "123456789012",
"name": "Algebra 1",
"section": "Period 2",
"descriptionHeading": "Algebra Basics",
"ownerId": "me",
"courseState": "ACTIVE"
},
{
"id": "987654321098",
"name": "History 101",
"ownerId": "me",
"courseState": "ACTIVE"
}
]
}
Get Students in a Course
GET https://classroom.googleapis.com/v1/courses/{courseId}/students
Authorization: Bearer ACCESS_TOKEN
Example:
{
"students": [
{
"userId": "111111111111111111111",
"profile": {
"id": "111111111111111111111",
"name": {
"givenName": "Alice",
"familyName": "Johnson",
"fullName": "Alice Johnson"
},
"emailAddress": "alice@example.com",
"photoUrl": "https://lh3.googleusercontent.com/a/default-user"
}
},
{
"userId": "222222222222222222222",
"profile": {
"id": "222222222222222222222",
"name": {
"givenName": "Bob",
"familyName": "Smith",
"fullName": "Bob Smith"
},
"emailAddress": "bob@example.com"
}
}
]
}
Get a Single Student
GET https://classroom.googleapis.com/v1/courses/{courseId}/students/{userId}
Authorization: Bearer ACCESS_TOKEN
Example:
{
"userId": "111111111111111111111",
"profile": {
"id": "111111111111111111111",
"name": {
"givenName": "Alice",
"familyName": "Johnson",
"fullName": "Alice Johnson"
},
"emailAddress": "alice@example.com"
}
}
Token Refresh
When the access token expires:
POST https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&refresh_token=REFRESH_TOKEN
&grant_type=refresh_token
Example:
{
"access_token": "ya29.a0AfH6SMAnewtoken...",
"expires_in": 3599,
"scope": "https://www.googleapis.com/auth/classroom.courses.readonly https://www.googleapis.com/auth/classroom.rosters.readonly",
"token_type": "Bearer"
}
✅ Summary
- Create Cloud Project → Enable Classroom API → OAuth Client ID.
- Redirect teacher to Google OAuth.
- Exchange authorization code for tokens.
- Use access token to call Classroom API.
- Fetch courses, then students per course.
- Store refresh tokens for long-term use.
Top comments (0)