Following up, I've shared a simple service and python client on github: http://github.com/timburks/oauthchecker
The service contains a single handler that uses the oauth module to get the consumer id and the nickname of the authenticated user. The client is based on Joe Stump's oauth2 Python library and seems to successfully perform the three steps to get an access token, but from there I am unable to successfully make a signed request to the service (all this is in the client.py script). Requests currently fail with an InvalidOAuthParametersError exception. If I've made a newbie signing mistake, I apologize and will leave the corrected example up as testimony :) thanks again, Tim On Jan 30, 10:37 pm, Robert Kluin <[email protected]> wrote: > Hi Tim, > I can not answer most of your questions, in fact I'd also like to > see answers to many of them. I can tell you that I have got this > working for non-Apps users before. The last time I played with it > there were some serious quirks with Apps Domains; however, Google's > completely redone their auth system since then so maybe it works now. > > I'm not sure there have been any active changes to it in the past year. > http://code.google.com/p/googleappengine/source/diff?spec=svn228&r=15... > > Robert > > > > > > > > On Sun, Jan 29, 2012 at 20:34, Tim Burks <[email protected]> wrote: > > OAuth for Python (http://code.google.com/appengine/docs/python/oauth/ > > overview.html) looks like a great addition to App Engine. However, I > > have been having some trouble using it, and since it's marked as > > "Experimental", I have some questions, beginning with this: > > > 1) Is there someone in Google actively supporting OAuth for Python? > > "Experimental" could mean that it is on the way to being fully- > > supported or that it's an abandoned 20% project. Is there at least a > > contact person who could discuss implementation issues? (I don't see > > one listed in the documentation) > > > I am currently building an iOS app to work with a client's App Engine- > > based service that uses OAuth. > > > OAuth for Python looks amazingly easy to add to an App Engine app (it > > really seems to be present in all apps by default), and if there was a > > working sample iOS client app, I'm sure that there would be > > significant interest in the iOS development community. It would also > > be good to know if OAuth for Python is abandoned and unsupported. > > > 2) Is there a sample iOS app that demonstrates how to authenticate to > > App Engine apps using OAuth? If not, is there someone in the App > > Engine team who would advise me as I write one? This example would > > contain both an App Engine service and a corresponding iOS client. Two > > years ago Jason Cooper worked with me to create a similar > > demonstration for an event that I organize (http://www.meetup.com/ > > sviphone/events/12372267/). This code is online > > athttp://github.com/timburks/stickup. > > I am based in Palo Alto and can come to Mountain View. > > > Going into details, I've managed to get through the first three steps > > of the "dance": 1) getting a request token, 2) displaying the > > authorization page, and 3) exchanging the request token for an access > > token. But if I strictly follow the Google documentation (http:// > > code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken), the > > process doesn't work. As documented, OAuthGetAccessToken requires an > > oauth_signature parameter, but it only returns a token if I DON'T sign > > my requests. > > > 3) What's going on here? > > > Also, now that I've gotten a token, my signed API requests are > > failing. It's certainly possible that my signing is incorrect, but > > since I've made it this far and stumbled onto one undocumented > > behavior in OAuthGetAccessToken, I'm suspicious of more hidden > > problems. > > > OAuth for Python includes some great easy-to-call functions for > > getting consumer and user information within an App Engine app (http:// > > code.google.com/appengine/docs/python/oauth/functions.html). > > > Curiously, both get_oauth_consumer_key() and get_current_user() throw > > exceptions when I sign my requests the "right" way, using my consumer > > secret and token secret, but when I sign them with only the consumer > > secret, get_oauth_consumer_key() succeeds. This seems to echo the > > problem that Takashi Sasaki reported on Jan 28, 2011 in this thread: > > >http://groups.google.com/group/google-appengine/browse_thread/thread/... > > > 4) See question #3. > > > Thanks for reading all this. Any and all help is appreciated, and I > > would be happy to help spread the word about how to do this correctly > > if we can get it sorted out. > > > - Tim > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
