Hey Will, Responses inline.
On Fri, May 13, 2011 at 16:46, Will Merydith <[email protected]> wrote: > OK I have some new information and questions to add to this discussion: > > 1 - There is some confusion in the documentation over whether registration > is required or not. Yup I agree. But it solved some issue for me in the past, so I thought I'd suggest it. > > Both here and here, it says registration is optional. Regardless, I have > registered my app. > > 2 - When going through the process of registering your application with > Google, you're informed that a certificate is not necessary on Google App > Engine, and that the OAuth signature method is HMAC-SHA1. Can anyone > confirm that as the case for using the OAuth for Python? If I'm not mistaken, if you're using HMAC-SHA1 you don't upload a cert. It will instead give you a secret key to use when signing your requests. > > 3- Testing this locally doesn't provide much feedback because no matter what > you pass, it works. On appspot, it's the opposite problem because there's > no information on what failed. I've tried the OAuth Playground, which is > great, but wanted to verify that it supports testing OAuth for python. I am > using it to test my Request for a Token and it fails, reporting, > signature_invalid. > > The documentation on signature construction is confusing, in some cases it > indicates sending a base string to the server that is the request url > encoded, and in other places it seems to be saying that you pass the string > directly as in: > > oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" > > Can anyone clarify? Yes, you're going to find many things about the gdata APIs suck very bad and give effectively worthless error feedback. The docs are a frightening mess too. Make sure you read the protocol guides so you can make sure the requests look right. I'm using python-oauth2. Here is a snippet of code I use, maybe it will help get you started: params = { 'oauth_version': "1.0", 'oauth_nonce': oauth.generate_nonce(), 'oauth_timestamp': int(time.time()), 'oauth_callback': 'https://%s%s' % (SERVER, URL_MAP['FinalizeAuth']), 'oauth_consumer_key': CONSUMER_KEY, 'oauth_signature_method': 'HMAC-SHA1', 'scope': service_scopes } url = OAUTH_URLS['OAuthGetRequestToken'] consumer = oauth.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET) request = oauth.Request(method='POST', url=url, parameters=params) request.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer, None) params['oauth_signature_method'] = request['oauth_signature_method'] params['oauth_signature'] = request['oauth_signature'] result = urlfetch.fetch(url, payload=urllib.urlencode(params), method='POST') > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
