OAuth for Python (http://code.google.com/appengine/docs/python/oauth/ overview.html) looks like a great addition to App Engine. However, I have been having some trouble using it, and since it's marked as "Experimental", I have some questions, beginning with this:
1) Is there someone in Google actively supporting OAuth for Python? "Experimental" could mean that it is on the way to being fully- supported or that it's an abandoned 20% project. Is there at least a contact person who could discuss implementation issues? (I don't see one listed in the documentation) I am currently building an iOS app to work with a client's App Engine- based service that uses OAuth. OAuth for Python looks amazingly easy to add to an App Engine app (it really seems to be present in all apps by default), and if there was a working sample iOS client app, I'm sure that there would be significant interest in the iOS development community. It would also be good to know if OAuth for Python is abandoned and unsupported. 2) Is there a sample iOS app that demonstrates how to authenticate to App Engine apps using OAuth? If not, is there someone in the App Engine team who would advise me as I write one? This example would contain both an App Engine service and a corresponding iOS client. Two years ago Jason Cooper worked with me to create a similar demonstration for an event that I organize (http://www.meetup.com/ sviphone/events/12372267/). This code is online at http://github.com/timburks/stickup. I am based in Palo Alto and can come to Mountain View. Going into details, I've managed to get through the first three steps of the "dance": 1) getting a request token, 2) displaying the authorization page, and 3) exchanging the request token for an access token. But if I strictly follow the Google documentation (http:// code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken), the process doesn't work. As documented, OAuthGetAccessToken requires an oauth_signature parameter, but it only returns a token if I DON'T sign my requests. 3) What's going on here? Also, now that I've gotten a token, my signed API requests are failing. It's certainly possible that my signing is incorrect, but since I've made it this far and stumbled onto one undocumented behavior in OAuthGetAccessToken, I'm suspicious of more hidden problems. OAuth for Python includes some great easy-to-call functions for getting consumer and user information within an App Engine app (http:// code.google.com/appengine/docs/python/oauth/functions.html). Curiously, both get_oauth_consumer_key() and get_current_user() throw exceptions when I sign my requests the "right" way, using my consumer secret and token secret, but when I sign them with only the consumer secret, get_oauth_consumer_key() succeeds. This seems to echo the problem that Takashi Sasaki reported on Jan 28, 2011 in this thread: http://groups.google.com/group/google-appengine/browse_thread/thread/c22366b345138ba8/bd800533e44d29de?lnk=gst&q=oauth#bd800533e44d29de 4) See question #3. Thanks for reading all this. Any and all help is appreciated, and I would be happy to help spread the word about how to do this correctly if we can get it sorted out. - Tim -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
