 Hi, everyone. I'm Eiji. In a previous video, we've looked at implementing authentication using Google sign name. In this video, I will walk you through implementing authorization and making requests to Google APIs from a client and from a server. Before moving forward, let's discuss the difference between authentication and authorization. Authentication means to identify who the user is. And authorization means getting permissions to access an API on behalf of the user. In many cases, these two steps occur together, where people sign in and grant permissions at the same time without knowing how these permissions will be used in the future. Our current recommendation is to let users authenticate first and defer asking permissions until you need to access an API. In order to use the Google APIs, you have to enable them from the developer console. Then, looking at this page, you can find the scope strings that correspond to the APIs you have enabled. Each one of these represents an API, so take note of the ones you need. Now you can make requests from the client or from the server. Let's look at the client first. There are two steps. You first need to get a permission from the user. Check if the user has already granted access to the API using has-granted scopes. Otherwise, request permission by calling grant. Use the scope strings you obtained in the previous step. Once the permissions is granted, you can make API calls on behalf of the user. To send requests to the Google APIs, you can use GAPI. For example, if you want to use a Google Drive API, add client module, then drive module with the API version. Using client libraries is simple. In this case, I'm grabbing the list of files and folders in the user's root directory. OK, let's see how we do the exact same thing on the server side. Getting the user's permission happens on the client side. Use grant offline access to get a permission. Offline means that you can access Google APIs even when the user is not using your application. Upon user's consent, your client will receive an object that contains auth code. And now, you can send the auth code over to the server using a secure HPS connection. On the server side, use the client library to exchange an auth code with the cliential object, which includes access token, refresh token, and ID token. The access token is a primary key to access the user data through Google APIs. The refresh token is a key to renew the access token. And ID token represents the authenticated user, as I mentioned in your previous video. Remember that the client libraries take care of refreshing the access token if it has expired. For this reason, you should store the credential object in your database after each request. This ensures you always have the latest credential object. Once you got the credentials, you can make API calls by using the specific API's client library. OK, so we have gone through the steps we recommend in order to use Google Sign In effectively. If you have any questions, ask them at Stack Overflow with a tag, Google Sign In, and we will do our best to answer them. Thanks for stopping by. I hope you will enjoy coding a smoother sign-in experience for your users with Google Sign In.