Hi Austin, Thanks for your answer, but this is not working...
After the first secure signed request and after I get the 302 (Redirection URL) Response, I tried this 3 options: 1.- Follow the Redirection Url sending in the request the same signed Auth Header but the response is: Error 401: Unknown authorization header 2.- Follow the Redirection Url but, generating a new secure signed Auth Header but, the response is again: Error 401: Unknown authorization header 3.- Follow the Redirection Url but, with out any Auth Header. The response is: Error 401: Authorization required I can't find what's wrong with my code... This is how the Auth Headers looks for the 3 cases: 1.- Sending the same Auth Header: Authorization: AuthSub token="CMXA-...sBw" data="GET http://www.google.com/calendar/feeds/default/private/full 1198146038 16522083942098726744" sig="slwBuhaB...QbjC/b4=" sigalg="rsa-sha1" 2.- Generating a new secure signed Auth Header with the Redirect URL: Authorization: AuthSub token="CMXA-...sBw" data="GET http://www.google.com/calendar/feeds/default/private/full?gsessionid=MC...uk 1198146039 11056060601730834567" sig="UmPTEppD9...wpPajBbpg=" sigalg="rsa-sha1" 3: Without any Auth Header, just requesting the Redirect URL http://www.google.com/calendar/feeds/default/private/full?gsessionid=MC...uk Can you tell me some clue or advice to solve this? Thanks!! Ahumaro On Dec 19, 12:30 pm, "Austin (Google)" <[EMAIL PROTECTED]> wrote: > Hi Ahumaro, > Yes Google Calendar Data API does support secure AuthSub. > > The reason that by copying the URL to the browser and it does pull down the > feed XML is because your browser probably already has a cookie login with > Google Calendar UI. When pulling a private feed from the browser, it would > use the same cookie credential you have stored in your browser as the one > you use to login to calendar.google.com through the UI. > > As for the 401 error, perhaps you can try resigning again but I am surprised > that it requires a new signing for the redirection. > > Hope it helps, > Austin > > On Dec 19, 2007 6:54 AM, Ahumaro <[EMAIL PROTECTED]> wrote: > > > > > Hi all friends! > > > I have a question: > > > Does the Google Calendar service support secure signed requests with > > secure session token? > > I am asking this because i am having this behavior: > > > First of all, i have my site registered with AuthSub and this is what > > i am doing: > > > 1.- Obtain the single-use token, requesting it with secure=1 and > > session=1 > > 2.- Exchange for a Secure Session Token (then verifying scope, target > > and secure with AuthSubTokenInfo) > > 3.- Sign a request and send it to obtain a calendar feed in the secure > > way. something like this: > > > Authorization: AuthSub token="CMXA-PX.........DJ3KysBw" data="GET > >http://www.google.com/calendar/feeds/default/private/full1198041819 > > 19244280291931183285" sig="Me1iHAFWdZizOfVipVWGmWhmqcqFLD > > +...........HDe15kiJ+//3Bfc=" sigalg="rsa-sha1" > > > 4.- I am getting then, a 302 code in the response and this message in > > the body: > > > Moved Temporarily > > The document has moved > > HREF="http://www.google.com/calendar/feeds/default/private/full? > > gsessionid=HfG.......Aw" > > > What to do next? > > > This is what i did: > > > Generated a new request with the redirect url BUT inserting the SAME > > Auth Header in the request. > > I think there was something wrong because i got a bad response. > > Code 401 > > Message: Unknown authorization header ... Error 401 > > > Why? do i have to sign again the new request and generate a new Auth > > Header for this? > > > Then, in my madness ;) , i took the last redirect url to my browser > > and i made a simple request with the url and it worked! > > [http://www.google.com/calendar/feeds/default/private/full? > > gsessionid=HfG.......Aw] > > Worked without Auth header, without security, withour anything, it > > worked in my browser and bringed my calendar feed. > > > Is this the correct behavior of the service? why the secure signed > > request is not working? why is working without auth header in my > > browser? > > > O_o > > > Ahumaro --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
