Hi Ahumaro, Yes Google Calendar Data API does support secure AuthSub. The reason that by copying the URL to the browser and it does pull down the feed XML is because your browser probably already has a cookie login with Google Calendar UI. When pulling a private feed from the browser, it would use the same cookie credential you have stored in your browser as the one you use to login to calendar.google.com through the UI.
As for the 401 error, perhaps you can try resigning again but I am surprised that it requires a new signing for the redirection. Hope it helps, Austin On Dec 19, 2007 6:54 AM, Ahumaro <[EMAIL PROTECTED]> wrote: > > Hi all friends! > > I have a question: > > Does the Google Calendar service support secure signed requests with > secure session token? > I am asking this because i am having this behavior: > > First of all, i have my site registered with AuthSub and this is what > i am doing: > > 1.- Obtain the single-use token, requesting it with secure=1 and > session=1 > 2.- Exchange for a Secure Session Token (then verifying scope, target > and secure with AuthSubTokenInfo) > 3.- Sign a request and send it to obtain a calendar feed in the secure > way. something like this: > > Authorization: AuthSub token="CMXA-PX.........DJ3KysBw" data="GET > http://www.google.com/calendar/feeds/default/private/full 1198041819 > 19244280291931183285" sig="Me1iHAFWdZizOfVipVWGmWhmqcqFLD > +...........HDe15kiJ+//3Bfc=" sigalg="rsa-sha1" > > 4.- I am getting then, a 302 code in the response and this message in > the body: > > Moved Temporarily > The document has moved > HREF="http://www.google.com/calendar/feeds/default/private/full? > gsessionid=HfG.......Aw" > > What to do next? > > This is what i did: > > Generated a new request with the redirect url BUT inserting the SAME > Auth Header in the request. > I think there was something wrong because i got a bad response. > Code 401 > Message: Unknown authorization header ... Error 401 > > Why? do i have to sign again the new request and generate a new Auth > Header for this? > > Then, in my madness ;) , i took the last redirect url to my browser > and i made a simple request with the url and it worked! > [http://www.google.com/calendar/feeds/default/private/full? > gsessionid=HfG.......Aw] > Worked without Auth header, without security, withour anything, it > worked in my browser and bringed my calendar feed. > > Is this the correct behavior of the service? why the secure signed > request is not working? why is working without auth header in my > browser? > > O_o > > Ahumaro > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
