Add Google Health API authorization support

authorizer-app-backend/authorizer.yml

@@ -26,16 +26,21 @@ restSourceClients:
     clientId: <CLIENT_ID>
     clientSecret: <CLIENT_SECRET>
     scope: activity heartrate sleep profile
-    usesPkce: false
   # Garmin OAuth2 PKCE configuration.
   # oauthVersion: "oauth2" selects the GarminOAuth2AuthorizationService;
   #               "oauth1" selects the legacy GarminOAuth1AuthorizationService.
-  # usesPkce: must be true for Garmin OAuth2 (Garmin requires PKCE).
   - sourceType: Garmin
     authorizationEndpoint: https://connect.garmin.com/oauth2Confirm
     tokenEndpoint: https://diauth.garmin.com/di-oauth2-service/oauth/token
     deregistrationEndpoint: https://apis.garmin.com/wellness-api/rest/user/registration
     clientId: <GARMIN_CLIENT_ID>
     clientSecret: <GARMIN_CLIENT_SECRET>
     oauthVersion: oauth2
-    usesPkce: true
+  # Google Health API
+  - sourceType: Google
+    authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth
+    tokenEndpoint: https://oauth2.googleapis.com/token
+    clientId: <GOOGLE_CLIENT_ID>
+    clientSecret: <GOOGLE_CLIENT_SECRET>
+    scope: https://www.googleapis.com/auth/googlehealth.activity_and_fitness.readonly https://www.googleapis.com/auth/googlehealth.health_metrics_and_measurements.readonly https://www.googleapis.com/auth/googlehealth.sleep.readonly https://www.googleapis.com/auth/googlehealth.profile.readonly https://www.googleapis.com/auth/googlehealth.nutrition.readonly https://www.googleapis.com/auth/googlehealth.irn.readonly https://www.googleapis.com/auth/googlehealth.ecg.readonly
+    oauthVersion: oauth2

authorizer-app-backend/src/main/java/org/radarbase/authorizer/api/ApiDeclarations.kt

@@ -56,6 +56,12 @@ data class RestOauth2UserId(
     val userId: String,
 )
 
+@Serializable
+data class RestGoogleHealthIdentity(
+    val healthUserId: String,
+    val legacyUserId: String? = null,
+)
+
 @Serializable
 data class OuraAuthUserId(
     val age: Int? = null,

authorizer-app-backend/src/main/java/org/radarbase/authorizer/enhancer/AuthorizerResourceEnhancer.kt

@@ -28,9 +28,11 @@ import org.radarbase.authorizer.doa.RestSourceUserRepositoryImpl
 import org.radarbase.authorizer.service.DelegatedRestSourceAuthorizationService
 import org.radarbase.authorizer.service.DelegatedRestSourceAuthorizationService.Companion.FITBIT_AUTH
 import org.radarbase.authorizer.service.DelegatedRestSourceAuthorizationService.Companion.GARMIN_AUTH
+import org.radarbase.authorizer.service.DelegatedRestSourceAuthorizationService.Companion.GOOGLE_AUTH
 import org.radarbase.authorizer.service.DelegatedRestSourceAuthorizationService.Companion.OURA_AUTH
 import org.radarbase.authorizer.service.GarminOAuth2AuthorizationService
 import org.radarbase.authorizer.service.GarminOauth1AuthorizationService
+import org.radarbase.authorizer.service.GoogleHealthAuthorizationService
 import org.radarbase.authorizer.service.OAuth2RestSourceAuthorizationService
 import org.radarbase.authorizer.service.OuraAuthorizationService
 import org.radarbase.authorizer.service.RegistrationService
@@ -46,21 +48,21 @@ class AuthorizerResourceEnhancer(
     private val restSourceClients = RestSourceClients(
         config.restSourceClients
             .map { it.withEnv() }
+            .map {
+                when {
+                    it.sourceType == GARMIN_AUTH && it.oauthVersion.equals("oauth2", ignoreCase = true) ->
+                        it.copy(usesPkce = true)
+                    it.sourceType == GOOGLE_AUTH ->
+                        it.copy(usesPkce = true)
+                    else -> it
+                }
+            }
             .onEach {
                 requireNotNull(it.clientId) { "Client ID of ${it.sourceType} is missing" }
                 requireNotNull(it.clientSecret) { "Client secret of ${it.sourceType} is missing" }
             },
     )
 
-    /**
-     * Maps a source type to its configured OAuth version (e.g., "oauth1" or "oauth2").
-     * This is used to conditionally bind the correct authorization service implementation.
-     * Configure via the `oauthVersion` field in `authorizer.yml` under each `restSourceClients` entry.
-     */
-    private val sourceTypeOauthMap: Map<String, String> = config.restSourceClients.associate {
-        it.sourceType to it.oauthVersion.lowercase()
-    }
-
     override val classes: Array<Class<*>>
         get() = listOfNotNull(
             Filters.cache,
@@ -112,8 +114,9 @@ class AuthorizerResourceEnhancer(
         bind(DelegatedRestSourceAuthorizationService::class.java)
             .to(RestSourceAuthorizationService::class.java)
 
-        // Bind Garmin service based on a configured oauthVersion: "oauth2" → PKCE flow, "oauth1" → legacy flow.
-        if (sourceTypeOauthMap[GARMIN_AUTH].equals("oauth2", ignoreCase = true)) {
+        // Bind Garmin service based on configured oauthVersion: "oauth2" → PKCE flow, "oauth1" → legacy flow.
+        val garminUsesPkce = restSourceClients.clients.firstOrNull { it.sourceType == GARMIN_AUTH }?.usesPkce == true
+        if (garminUsesPkce) {
             bind(GarminOAuth2AuthorizationService::class.java)
                 .to(RestSourceAuthorizationService::class.java)
                 .named(GARMIN_AUTH)
@@ -134,5 +137,10 @@ class AuthorizerResourceEnhancer(
             .to(RestSourceAuthorizationService::class.java)
             .named(OURA_AUTH)
             .`in`(Singleton::class.java)
+
+        bind(GoogleHealthAuthorizationService::class.java)
+            .to(RestSourceAuthorizationService::class.java)
+            .named(GOOGLE_AUTH)
+            .`in`(Singleton::class.java)
     }
 }

authorizer-app-backend/src/main/java/org/radarbase/authorizer/service/DelegatedRestSourceAuthorizationService.kt

@@ -63,5 +63,6 @@ class DelegatedRestSourceAuthorizationService(
         const val GARMIN_AUTH = "Garmin"
         const val FITBIT_AUTH = "FitBit"
         const val OURA_AUTH = "Oura"
+        const val GOOGLE_AUTH = "GoogleHealth"
     }
 }