Thanks for the reply Robert. I ended up spending several hours last night reading through the OAuth specs and SHA1 specs (in particular how to properly sign a request). I now have a much better understanding of the OAuth dance and the Google docs seem much more clear.
My development partner and I tried out Singpost (for Android), which seems to work. Just to be clear, Oauth2 isn't for OAuth2.0, but rather just indicates it's a second version of oauth? On Sat, May 14, 2011 at 12:32 AM, Robert Kluin <[email protected]>wrote: > Hey Will, > Responses inline. > > > On Fri, May 13, 2011 at 16:46, Will Merydith <[email protected]> > wrote: > > OK I have some new information and questions to add to this discussion: > > > > 1 - There is some confusion in the documentation over whether > registration > > is required or not. > > Yup I agree. But it solved some issue for me in the past, so I > thought I'd suggest it. > > > > > Both here and here, it says registration is optional. Regardless, I have > > registered my app. > > > > 2 - When going through the process of registering your application with > > Google, you're informed that a certificate is not necessary on Google App > > Engine, and that the OAuth signature method is HMAC-SHA1. Can anyone > > confirm that as the case for using the OAuth for Python? > > If I'm not mistaken, if you're using HMAC-SHA1 you don't upload a > cert. It will instead give you a secret key to use when signing your > requests. > > > > > > 3- Testing this locally doesn't provide much feedback because no matter > what > > you pass, it works. On appspot, it's the opposite problem because > there's > > no information on what failed. I've tried the OAuth Playground, which is > > great, but wanted to verify that it supports testing OAuth for python. I > am > > using it to test my Request for a Token and it fails, reporting, > > signature_invalid. > > > > The documentation on signature construction is confusing, in some cases > it > > indicates sending a base string to the server that is the request url > > encoded, and in other places it seems to be saying that you pass the > string > > directly as in: > > > > oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D" > > > > Can anyone clarify? > > > Yes, you're going to find many things about the gdata APIs suck very > bad and give effectively worthless error feedback. The docs are a > frightening mess too. Make sure you read the protocol guides so you > can make sure the requests look right. > > I'm using python-oauth2. Here is a snippet of code I use, maybe it > will help get you started: > > params = { > 'oauth_version': "1.0", > 'oauth_nonce': oauth.generate_nonce(), > 'oauth_timestamp': int(time.time()), > 'oauth_callback': 'https://%s%s' % (SERVER, > URL_MAP['FinalizeAuth']), > 'oauth_consumer_key': CONSUMER_KEY, > 'oauth_signature_method': 'HMAC-SHA1', > 'scope': service_scopes > } > url = OAUTH_URLS['OAuthGetRequestToken'] > consumer = oauth.Consumer(key=CONSUMER_KEY, > secret=CONSUMER_SECRET) > request = oauth.Request(method='POST', url=url, parameters=params) > request.sign_request(oauth.SignatureMethod_HMAC_SHA1(), > consumer, None) > params['oauth_signature_method'] = request['oauth_signature_method'] > params['oauth_signature'] = request['oauth_signature'] > result = urlfetch.fetch(url, payload=urllib.urlencode(params), > method='POST') > > > > > > > > > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/google-appengine?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
