I'm writing a Delphi-based PC application which accesses an AppEngine servlet.

I'm trying to use the OAuth 1.0 dance to authenticate users and allow access to a restricted part of the application. I'm able to get access to the restricted servlet using a browser and going through Google user authentication. I'm now trying to implement the dance.

I successfully get the token and token secret using OAuthGetRequestToken.

    Key := 'XXXX.appspot.com';
    Secret := 'YYYY';
    URL := 'https://XXXX.appspot.com/_ah/OAuthGetRequestToken';
    Consumer := TOAuthConsumer.Create(Key, Secret);
    HMAC := TOAuthSignatureMethod_HMAC_SHA1.Create;
    ARequest := TOAuthRequest.Create(URL);
    ARequest := ARequest.FromConsumerAndToken(Consumer, nil, URL,'','oob','');
    ARequest.Sign_Request(HMAC, Consumer, nil,true);
    URL := URL + '?' + ARequest.GetString;
    idHTTP1.Get(URL,ms);
    ARequest.Destroy;
    HMAC.Destroy;
    Consumer.Destroy;

The GET request and response look like this:

    GET /_ah/OAuthGetRequestToken HTTP/1.1
    Host: XXXX.appspot.com
    Accept: */*
    Authorization: OAuth oauth_version="1.0", oauth_nonce="1511ec6d98e5b89c561b1af4b3022476", oauth_timestamp="1347534557", oauth_consumer_key="XXXX.appspot.com", oauth_callback="oob", oauth_signature_method="HMAC-SHA1", oauth_signature="JPSgMsipsLumldKsca8SA8gDXgw%3D"

    HTTP/1.1 200 OK
    Date: Thu, 13 Sep 2012 11:09:18 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 88

    oauth_token=4%2FY4ReEZt9v8IYHJ_4WnZYkzurXOgw&oauth_token_secret=S9150fuyvo_jjr43Cd47CPzY

Next, I authorize the token.

    URL := 'https://inksureauth.appspot.com/_ah/OAuthAuthorizeToken?oauth_token='+TOAuthUtil.urlEncodeRFC3986(Token.Text);
    IdHTTP1.Get(URL,ms);

I'm redirected to the Google web page for login. As I stated 'oob' for callback, I receive a verification code on the web page which I copy.

Finally, I try to exchange the token for an access token. Here I fail.

    URL := 'https://XXXX.appspot.com/_ah/OAuthGetAccessToken';
    Key := 'XXXX.appspot.com';
    Secret := 'YYYY';
    Consumer := TOAuthConsumer.Create(Key, Secret);
    ARequest := TOAuthRequest.Create(URL);
    AToken := TOAuthToken.Create(TOAuthUtil.urlEncodeRFC3986(Token.Text), TokenSecret.Text);
    ARequest.HTTPURL := URL;
    ARequest := ARequest.FromConsumerAndToken(Consumer,AToken , URL,'','','VERIFICATION CODE FROM WEB PAGE');
    HMAC := TOAuthSignatureMethod_HMAC_SHA1.Create;
    ARequest.Sign_Request(HMAC, Consumer, AToken,true);
    URL := URL + '?' + ARequest.GetString;
    IdHTTP1.Disconnect;
    IdHTTP1.Get(URL,ms);
    HMAC.Destroy;
    ARequest.Destroy;
    Consumer.Destroy;

The GET command looks like this:

    GET /_ah/OAuthGetAccessToken?oauth_version=1.0&oauth_nonce=4A86BEECE494C25AF94882F74DEE6231&oauth_timestamp=1347545383&oauth_consumer_key=XXXX.appspot.com&oauth_verifier=yGEhCENYOlni2ayo8aNckyPG&oauth_token=4%2FEKGFo9i2wmuMGcBLmbmQhqDba0z4&oauth_signature_method=HMAC-SHA1&oauth_signature=2ZwRvGp8LnXenTXrjYo5%2FtFHW30%3D HTTP/1.1

And the response:

    HTTP/1.1 400 Bad Request
    Date: Thu, 13 Sep 2012 14:09:44 GMT
    Content-Type: text/html; charset=UTF-8
    Server: Google Frontend
    Content-Length: 273

    <html><head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8">
    <title>400 Bad Request</title>
    </head>
    <body text=#000000 bgcolor=#ffffff>
    <h1>Error: Bad Request</h1>
    <h2>Your client has issued a malformed or illegal request.</h2>
    <h2></h2>
    </body></html>

I used the OAuth playground to access the same application and it is successful in retrieving the access key. I compared the playground's request parameters to the parameters generated by my application and they are compatible. I've used my application to retrieve an access key for Google calendar successfully. I used my signing function to sign a request generated by the playground and the signatures matched.

What other reason can there be for the last step to fail?
Is it possible to get a more informative response from the authentication server beyond "Your client has issued a malformed or illegal request"?

Thanks,
Daniel
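
An added example, not part of Daniel's message and not code from the Delphi OAuth library he uses: a Python check that rebuilds the OAuth 1.0 signature base string (RFC 5849, section 3.4.1) from a captured query string like the GetAccessToken request above and recomputes the HMAC-SHA1 signature, so that single versus double percent-encoding of a token containing "/" can be compared side by side. The host, nonce, verifier, token and both secrets are constructed sample values, and the helper names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

# Constructed sample values (not taken from the post).
URL = "https://example.appspot.com/_ah/OAuthGetAccessToken"
QUERY = ("oauth_version=1.0&oauth_nonce=abc123&oauth_timestamp=1347545383"
         "&oauth_consumer_key=example.appspot.com&oauth_verifier=VERIFIER"
         "&oauth_token=4%2FTOKEN&oauth_signature_method=HMAC-SHA1")

def pct(s):
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(s, safe="-._~")

def split_query(raw_query):
    """Decode each name/value of a captured query string exactly once."""
    items = (i.partition("=") for i in raw_query.split("&") if i)
    return [(unquote(n), unquote(v)) for n, _, v in items]

def base_string(method, url, raw_query):
    """Signature base string, RFC 5849 section 3.4.1.
    Assumes url is already normalized: lowercase scheme/host, no query part."""
    pairs = sorted((pct(n), pct(v)) for n, v in split_query(raw_query)
                   if n != "oauth_signature")      # the signature is never signed
    normalized = "&".join(f"{n}={v}" for n, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with pct(consumer_secret) & pct(token_secret)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def check(method, url, raw_query, consumer_secret, token_secret):
    """Return (base string, expected signature, True if the sent one matches)."""
    sent = dict(split_query(raw_query)).get("oauth_signature", "")
    base = base_string(method, url, raw_query)
    expected = sign(base, consumer_secret, token_secret)
    return base, expected, hmac.compare_digest(sent.encode(), expected.encode())

if __name__ == "__main__":
    base = base_string("GET", URL, QUERY)
    signed = QUERY + "&oauth_signature=" + pct(sign(base, "YYYY", "TOKENSECRET"))
    print(base)    # the token's "/" shows up as %252F here, %2F in the query
    print(check("GET", URL, signed, "YYYY", "TOKENSECRET")[2])
```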
