Any updates? I am seeing the same issue.
Per the documentation,
You don't need to wait until getting Google confirmation to start
signing requests, however; it is okay to sign requests with insecure
tokens, the signatures will be ignored.
However, I am getting a "signature is invalid" response when I call
AuthSubUtil.exchangeForSessionToken.
Here is my code. I generated the key using keytool with the
parameters specified on the gdata help pages.
GoogleService service = new GoogleService("blogger", "xxx-yyy-
versionID");
String url = AuthSubUtil.getRequestUrl("https://xxx";, "http://
www.blogger.com/feeds", false, true);
java.security.PrivateKey privateKey =
AuthSubUtil.getPrivateKeyFromKeystore("AuthSubExample.jks",
"changeme",
"AuthSubExample",
"changeme");
System.out.println(url);
System.out.println("Enter one-time token");
DataInputStream in = new DataInputStream(System.in);
String oneTimeToken = in.readLine();
String newToken =
AuthSubUtil.exchangeForSessionToken(oneTimeToken, privateKey);
System.out.print("New token: ");
System.out.println(newToken);
On Mar 7, 9:38 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:
> Hi Ryan,
>
> In step, 'secure=1' is passed and the yellow warning is not displayed
> on the page. I assume this would mean the webapp has been registered
> successfully.
>
> With regards to the Java Client Library, I checked the files in the
> downloaded jar but did not find the version number. However, the
> readme.txt file at the root of gdata jar has a date of November 30,
> 2006.
>
> I'm pasting below the auth header that the client library is sending
> (captured by invoking AuthSubUtil.formAuthorizationHeader()).
>
> AuthSub token="OnetimeUseToken"
> data="GEThttps://www.google.com/accounts/AuthSubTokenInfo
> 1173284488 14041690465791330324" sig="WIFR
> +mvI39StCr0eOvHIXjb3hGwQJCsjzfWXp6Z9vn1m0Py/
> ItI0ZXYb3TR3bRKKw6p8JVDaJGi5q/8aqdJnvUkEh9E39q1BN0lb2krvYrsX8D/wvmF0+u
> +9WS23n7P6MlTHTiLhyehn14ne+Uy/u7+bRbmJ/WTV1ezrCSStkM0=" sigalg="rsa-
> sha1"
>
> Appreciate your help!
>
> Cheers,
> Abbas
>
> On Mar 6, 7:03 pm, "Ryan Boyd (Google)" <[EMAIL PROTECTED]> wrote:
>
> > Hi Abbas,
>
> > No problem -- it's good news that your time is synchronized.
>
> > In step #3, where the user grants access to your site-- have you verified
> > that 'secure=0' is passed in the URL and the page does not contain the
> > yellow warning box?
>
> > Also, what version of the Java Client library are you using? Can you send
> > me an example Authorization header which it is generating? (with the token
> > value changed, of course). This header should include the URL for the feed
> > (it's fine if you want to obfuscate the particular calendar.. I'm just
> > looking for as much information as possible so that I can recreate the issue
> > you're experiencing)
>
> > I'm not aware of any others having issues using secured authsub from the
> > java client library, but I'll gladly look into this further so we can find a
> > solution for you.
>
> > Cheers,
>
> > -Ryan
>
> > On 3/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > > Hi Ryan,
>
> > > Thanks for your time and help. My server is synchronized with an NTP
> > > server. Is there anything else that I can look for?
>
> > > Cheers,
> > > Abbas
>
> > > On Mar 6, 11:08 am, "Ryan Boyd (Google)" <[EMAIL PROTECTED]> wrote:
> > > > Hi Abbas,
>
> > > > Your process looks good. Can you please check the date/time setting on
> > > your
> > > > server? Is it synchronized to some good NTP servers? If you are using
> > > the
> > > > client library, this is probably the biggest problem that would not be
> > > > code-dependent. A timestamp is part of the signature and, if far off,
> > > you
> > > > will get a 401.
>
> > > > Cheers,
>
> > > > -Ryan
>
> > > > On 3/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > > > > Hi All,
>
> > > > > I am trying to request a secure session token for the calender feed.
> > > > > My request returns a 'Signature is invalid' exception. Here is what I
> > > > > did.
>
> > > > > 1. Registered my webapp online with a .pem certificate.
> > > > > 2. User logged into my webapp and got redirected to authsub page.
> > > > > 3. User grants access and my webapp gets a single use token.
> > > > > 4. The webapp makes an api call through gdata java client library to
> > > > > get the secure token: AuthSubUtil.exchangeForSessionToken(token,
> > > > > privKey). The private key is passed to the gdata library for signing
> > > > > the request. I checked the auth header to see if all the required data
> > > > > is present and all seemed to be good.
> > > > > 5. The service responds with the following exception.
> > > > > com.google.gdata.util.AuthenticationException: 401: Signature is
> > > > > invalid
> > > > > at
> > > > > com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken
> > > (Unknown
> > > > > Source)
> > > > > at
> > > > > com.google.gdata.client.http.AuthSubUtil.exchangeForSessionToken
> > > (Unknown
> > > > > Source)
>
> > > > > Did anybody face such an issue? Appreciate any help.
>
> > > > > Thanks,
> > > > > Abbas
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Calendar Data API" group.
To post to this group, send email to
[email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-calendar-help-dataapi?hl=en
-~----------~----~----~----~------~----~------~--~---
