RESOLVED: I realised that private or "unlisted" Picasa web albums are protected by using the "authkey" parameter. That means that only the following info is required to obtain an album feed:
1. User name 2. Album name or ID 3. Authkey And, you do NOT need the user password! The authkey can be found by going to the album you want to access, then pressing on "Link to this album", then find the authkey in the given URL. Once you have the authkey, simply use the following syntax: http://picasaweb.google.com/data/feed/api/user/{USERID}/album/{ALBUMNAME}?kind=photo&authkey={AUTHKEY} Best regards, Martin On 28 Aug, 18:00, Martynas Brijunas <[EMAIL PROTECTED]> wrote: > Hmm, the link says that "AuthSub proxy authentication is used by web > applications which need to authenticate their users to Google > accounts". > > What I am trying to do is something different. I would give my > visitors a PIN generated by me. The PIN would be validated by my app, > not by Google. If a PIN is valid, then based on the PIN value a feed > from a corresponding private Picasa album would be opened. The users > are NOT expected to have a Google account in order to see private > albums. > > On the other hand: what are the risks of having a plain text password > in a python script file? If I understand correctly, the users do not > have access to the content of the file itself, only to HTTP responses > generated by that script. > > On 28 Aug, 17:07, "Ross M Karchner" <[EMAIL PROTECTED]> wrote: > > > I think you want to use AuthSub: > > >http://code.google.com/apis/picasaweb/developers_guide_python.html#Au... > > > On Thu, Aug 28, 2008 at 5:55 AM, Martynas Brijunas <[EMAIL PROTECTED]>wrote: > > > > Hi, > > > > I am looking for a way to implement Programmatic Login from my app to > > > be able to retrieve private albums from Picasa. As they are private, > > > the app would have to sign in. GData offers the ProgrammaticLogin() > > > method which expects the password to be in clear text. > > > > The application would then ask users to enter their assigned PINs to > > > see a particular album (no, I am not building an amoral site btw). > > > > I would hate to have my google password stored on a file in plain > > > text. Are there any techniques that allow to prevent this? Maybe > > > storing the username/password in the Datastore and then requesting it > > > from there? Or are there any other ways to bypass the > > > ProgrammaticLogin altogether? > > > > Best regards, > > > Martin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
