Thanks, I was not aware that we can get a permanent token. In this case, we can take the user to the Google login proxy at the time of registeration with the system.
Will consider this possibility for sure. Thanks, Nitin -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Mantek Sent: Monday, April 21, 2008 4:34 PM To: [email protected] Subject: Re: Google Calendar service credentials The user will have to do this once. You then get a token back that you can exchange for a permanent one and store away in your system. That way the user can: -> revoke that token over his account page at google -> be assured that you have no way of tempering with his credentials - not that you would, but it's hard to convince a user that the risk is not there if he has to give you authentication information for another system -> and you can still do what you want What would not be working in that scenario? Frank Mantek Google On Apr 21, 2008, at 11:40 AM, Nitin Gupta wrote: > > Hi Frank, > > If my understanding of AuthSub authentication is right, it takes > user to a > Google login page where the user can enter his Google credentials. > However, > in our case this will not work as we have to update user's calendars > in our > local data store on a scheduled basis. The scheduler will run > approximately > 10 times a day. The only solution I can think of for this is to save > the > user's credentials in our system, fire the scheduled job at a > specified > time, do a clientLogin first on the basis of UserToken, if it is not > valid > then on the basis of the stored credentials (and post > authentication, update > the UserToken), retrieve the calendar data. > > If you think there can be or there exist any better solution for the > scheduled jobs on the Google calendar service then please let me know. > > Cheers, > Nitin > -----Original Message----- > From: [email protected] > [mailto:[EMAIL PROTECTED] On Behalf Of > Frank > Mantek > Sent: Friday, April 18, 2008 2:53 PM > To: [email protected] > Subject: Re: Google Calendar service credentials > > > If this is a server app we can not really encourage using client login > for a webservice application,. That is what Authentication for > Webapplications is for (authsub). Have you evaluated using this? There > you get a long lived token and you do not have to worry about > encrypting the credentials. Furthermore your user does not have to > overcome "trust" issues with your app, as he remains in control of his > credentials. > > Does that make sense to you? > > Regards > > Frank Mantek > On Apr 18, 2008, at 9:18 AM, Nitin Gupta wrote: > >> >> HI Frank, >> >> I am working on a server application. My server, basically needs to >> frequently fetch the user's Google calendar Events and update them >> in a >> local data store. This will always happen in background as a daemon. >> >> I would like to know if there is any option I can use so that I can >> save >> time during authentication. My server will authenticate the user on >> his >> behalf. >> >> Instead of user, my application can definitely re-authenticate the >> user >> after every couple of weeks. We are keeping user's Google >> credentials within >> our application. >> >> Cheers, >> Nitin >> >> -----Original Message----- >> From: [email protected] >> [mailto:[EMAIL PROTECTED] On Behalf Of >> Frank >> Mantek >> Sent: Wednesday, April 09, 2008 7:02 PM >> To: [email protected] >> Subject: Re: Google Calendar service credentials >> >> >> Is this a client desktop app or a server app? Is it acceptable that >> the user has to reauthenticate every couple of weeks? >> >> Frank Mantek >> Google >> On Apr 9, 2008, at 1:31 AM, Nitin Gupta wrote: >> >>> Hi all, >>> >>> >>> >>> This question is not exactly related to the Google Calendar API. It >>> is >>> releated to its usage in an application and hence is for the >>> developers who >>> at some point in time may have faced the same problem. >>> >>> >>> >>> I am working on an application in which I have to frequently poll >>> the Google >>> calendars of the registered user. This means that I have to keep >>> their >>> credentials in my system. I can only use ClientLogin authentication. >>> >>> >>> >>> I would like to know about the options which can be used to keep >>> the Google >>> credentials of the user secured in our system. Can I use some sort >>> of >>> encryption? Please share with me the best possible approach which I >>> can use >>> so that application users can share their credentials without much >>> hesitation. >>> >>> >>> >>> On the Gdata forum, I was told that something like OS X's Keychain >>> mechanism >>> should be used. I am working in Java and my platform can be either >>> Windows >>> or Unix. So, a non-OS based solution is good for me. >>> >>> >>> >>> As always, thanks for all the help. >>> >>> >>> >>> Cheers, >>> >>> Nitin >>> >>> >>>> >> >> >> >> >>> > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
