You found a bug in the client library.
The fix is to change getAuthSubSessionToken and
AuthSubRevokeToken in Zend/Gdata/AuthSub.php:
public static function getAuthSubSessionToken(
$token, $client = null,
$request_uri = self::AUTHSUB_SESSION_TOKEN_URI)
{
$client = self::getHttpClient($token, $client);
if ($client instanceof Zend_Gdata_HttpClient) {
$filterResult = $client->filterHttpRequest('GET',
$request_uri);
$url = $filterResult['url'];
$headers = $filterResult['headers'];
$client->setHeaders($headers);
$client->setUri($url);
} else {
$client->setUri($request_uri);
}
try {
$response = $client->request('GET');
} catch (Zend_Http_Client_Exception $e) {
require_once 'Zend/Gdata/App/HttpException.php';
throw new Zend_Gdata_App_HttpException($e->getMessage(),
$e);
}
// Parse Google's response
if ($response->isSuccessful()) {
$goog_resp = array();
foreach (explode("\n", $response->getBody()) as $l) {
$l = chop($l);
if ($l) {
list($key, $val) = explode('=', chop($l), 2);
$goog_resp[$key] = $val;
}
}
return $goog_resp['Token'];
} else {
require_once 'Zend/Gdata/App/AuthException.php';
throw new Zend_Gdata_App_AuthException(
'Token upgrade failed. Reason: ' . $response-
>getBody());
}
}
public static function AuthSubRevokeToken($token, $client = null,
$request_uri =
self::AUTHSUB_REVOKE_TOKEN_URI)
{
$client = self::getHttpClient($token, $client);
if ($client instanceof Zend_Gdata_HttpClient) {
$filterResult = $client->filterHttpRequest('GET',
$request_uri);
$url = $filterResult['url'];
$headers = $filterResult['headers'];
$client->setHeaders($headers);
$client->setUri($url);
$client->resetParameters();
} else {
$client->setUri($request_uri);
}
ob_start();
try {
$response = $client->request('GET');
} catch (Zend_Http_Client_Exception $e) {
require_once 'Zend/Gdata/App/HttpException.php';
throw new Zend_Gdata_App_HttpException($e->getMessage(),
$e);
}
ob_end_clean();
// Parse Google's response
if ($response->isSuccessful()) {
return true;
} else {
return false;
}
}
Eric
On Sep 17, 11:38 am, Josh <[EMAIL PROTECTED]> wrote:
> ----the function is actually "function signoff($token)" where $token
> is my permanent token stored in my site's database for the user.----
>
> On Sep 17, 11:36 am, Josh <[EMAIL PROTECTED]> wrote:
>
> > Before my last post I had been trying to use your code and modify it
> > to do what I needed, but for some reason I couldn't get it to work.
>
> > I currently have it set up so that users can click an "unlink" button
> > that runs the following code:
> > function signoff() {
> > $client = new Zend_Gdata_HttpClient();
> > $client->setAuthSubPrivateKeyFile('myrsakey.pem', null, true);
> > $revtoken = Zend_Gdata_AuthSub::AuthSubRevokeToken($token, $client);
> > $client->setAuthSubToken($revtoken);
> > return $client;
>
> > }
>
> > Ideas as to why this would not work?
>
> > On Sep 17, 10:26 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > That function (AuthSubRevokeToken) and getAuthSubTokenInfo
> > > are overloaded so you can pass in the $client:
>
> > > AuthSubRevokeToken($token, $client);
>
> > > This should work if you've setup your $client properly.
> > > Just use the code I posted. When you set your private
> > > key and authsub session token using setAuthSubPrivateKeyFile,
> > > and setAuthSubToken, the library will automatically
> > > send the token and construct the correct Authorization header
> > > for you. So if you use that same $client, you're good to go.
>
> > > See:http://framework.zend.com/code/browse/Zend_Framework/standard/trunk/l...
>
> > > Eric
>
> > > On Sep 16, 10:14 pm, Josh <[EMAIL PROTECTED]> wrote:
>
> > > > Alright, getting closer and closer. The issue was with the file
> > > > location, as you suspected. Don't know how I managed to mess it up!
>
> > > > I can now successfully link the accounts with secure=1. Part 2:
> > > > Unlinking. The AuthSubRevokeToken function from the php Zend library
> > > > seems to not be enough. I would expect that this might have to be
> > > > modified to include the key in the header also. How do I do this?
>
> > > > Sorry for all the questions! Hopefully I'll have it all figured out
> > > > this week!
>
> > > > Josh
>
> > > > On Sep 16, 10:00 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > Turn PHP warnings/notices on. It's possible that
> > > > > your webserver can't read or find myrsakey.pem.
>
> > > > > Eric
>
> > > > > On Sep 15, 11:52 pm, Josh <[EMAIL PROTECTED]> wrote:
>
> > > > > > Thanks for all the help. I really appreciate it.
>
> > > > > > I am getting closer, but stuck on the following step:
> > > > > > $client->setAuthSubPrivateKeyFile('myrsakey.pem', null, true);
>
> > > > > > That line causes the page to load as a blank white page. I can see
> > > > > > that it is used to grab the rsa key from my file, but for some
> > > > > > reason
> > > > > > it is killing the rest of the code. Any ideas?
>
> > > > > > Josh
>
> > > > > > On Sep 15, 4:15 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > > > The initial request to AuthSubRequest for a secure token
> > > > > > > doesn't need to be signed
>
> > > > > > > When you come back from AuthSub with a single use token
> > > > > > > appended in the URL, the request to upgrade the token
> > > > > > > using getAuthSubSessionToken needs to be signed. That
> > > > > > > call should include your .PEM file.
>
> > > > > > > It sounds like you're using the Zend PHP library (I assumed
> > > > > > > you weren't in my last post). Secure AuthSub was recently
> > > > > > > added to the 1.6.0
> > > > > > > release:http://framework.zend.com/download/gdata
>
> > > > > > > To get you started, I posted a sample on the tips
> > > > > > > blog:http://gdatatips.blogspot.com/2008/09/secure-authsub-using-zend-php-l...
>
> > > > > > > Hope that helps,
> > > > > > > Eric
>
> > > > > > > On Sep 12, 8:33 pm, Josh <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > Thanks for the info. I am still having some difficulty getting
> > > > > > > > it
> > > > > > > > working.
>
> > > > > > > > My current process:
> > > > > > > > 1) Send AuthSubRequest with secure=1.
> > > > > > > > 2) Request a session token using getAuthSubSessionToken.
> > > > > > > > etc.
>
> > > > > > > > The problem is occurring right at the beginning. As soon as I
> > > > > > > > set
> > > > > > > > secure=1, I get 403 errors when I try to request a session
> > > > > > > > token in
> > > > > > > > step 2. I assume that somewhere in there, I need to include the
> > > > > > > > new
> > > > > > > > PEM file information (during step 1 when I send the initial
> > > > > > > > request?).
> > > > > > > > But where/how do I integrate it? I can see from the examples you
> > > > > > > > provided, how I will need to integrate the PEM files when I make
> > > > > > > > requests for secure information, but I cannot even get to that
> > > > > > > > step at
> > > > > > > > this point. I'm just trying to setup the link to Google Health
> > > > > > > > with
> > > > > > > > secure=1, without even sending any data yet, and have been
> > > > > > > > unable to
> > > > > > > > successfully configure it.
>
> > > > > > > > Which step, AuthSubRequest or getAuthSubSessionToken, needs to
> > > > > > > > include
> > > > > > > > the secure PEM info? And how do I include it?
>
> > > > > > > > Thanks!
>
> > > > > > > > On Sep 10, 1:33 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > > Upload the public certificate to google (in the ManageDomains
> > > > > > > > > tool).
>
> > > > > > > > > The private key is what you will use to sign (encrypt) your
> > > > > > > > > data.
>
> > > > > > > > > The only thing that changes for secure AuthSub (secure=1
> > > > > > > > > tokens) is
> > > > > > > > > the format of the Authorization header you send in the
> > > > > > > > > request:http://code.google.com/apis/accounts/docs/AuthSub.html#signingrequests
>
> > > > > > > > > I've posted some code on the Google Data Tips blog that should
> > > > > > > > > help you see where/how to use the private
> > > > > > > > > key:http://gdatatips.blogspot.com/2008/07/secure-authsub-in-php.html
>
> > > > > > > > > You can use that signedGET() function as a starting point to
> > > > > > > > > also
> > > > > > > > > make
> > > > > > > > > POST requests. The curl options will be a little different.
>
> > > > > > > > > Hope this helps,
> > > > > > > > > eric
>
> > > > > > > > > On Sep 9, 7:45 pm, Josh <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > > > Thanks for the help.
>
> > > > > > > > > > I am trying to get secure=1 working with h9 first, as
> > > > > > > > > > suggested. I
> > > > > > > > > > have created my 2 PEM files (cert and key) with OpenSSL.
> > > > > > > > > > What is the
> > > > > > > > > > next step? Which of these 2 files do I upload to Google,
> > > > > > > > > > which do I
> > > > > > > > > > upload to my website, and how do I use these files in my
> > > > > > > > > > code? What
> > > > > > > > > > changes must be made besides changing "secure=0" to
> > > > > > > > > > "secure=1"?
>
> > > > > > > > > > I have read a number of related forum posts, but still
> > > > > > > > > > cannot quite
> > > > > > > > > > get it straight. Thanks.
>
> > > > > > > > > > On Sep 9, 4:47 pm, "Eric (Google)" <[EMAIL PROTECTED]>
> > > > > > > > > > wrote:
>
> > > > > > > > > > > Hi,
>
> > > > > > > > > > > On Sep 9, 11:11 am, Josh <[EMAIL PROTECTED]> wrote:
>
> > > > > > > > > > > > I am trying to make the move from secure=0 to secure=1
> > > > > > > > > > > > with my PHP
> > > > > > > > > > > > site, and I am having some problems. I created .jks and
> > > > > > > > > > > > .pem files
> > > > > > > > > > > > using Java and uploaded the .pem file to Google. What
> > > > > > > > > > > > do I do with
> > > > > > > > > > > > the .jks file though? Where do I put it or how do I
> > > > > > > > > > > > invoke it?
>
> > > > > > > > > > > If you're using PHP you don't do anything with the .jks
> > > > > > > > > > > file. If
> > > > > > > > > > > you're
> > > > > > > > > > > not using Java, using openssl to create a .pem is the way
> > > > > > > > > > > to go:
>
> > > > > > > > > > >http://code.google.com/apis/gdata/authsub.html#Registered
>
> > > > > > > > > > > > Everything works with h9 and secure=0, just trying to
> > > > > > > > > > > > get secure=1
> > > > > > > > > > > > working before I test with "health." I have read a
> > > > > > > > > > > > number of forum
> > > > > > > > > > > > posts but cannot quite figure out how to get this
> > > > > > > > > > > > working.
>
> > > > > > > > > > > Have you registered your domain with health? This is a
> > > > > > > > > > > separate
> > > > > > > > > > > registration
> > > > > > > > > > > fromhttps://www.google.com/accounts/ManageDomains.
> > > > > > > > > > > Here's the API
> > > > > > > > > > > ToS where
> > > > > > > > > > > you can do that:
>
> > > > > > > > > > >http://services.google.com/events/googhealthdevelopers
>
> > > > > > > > > > > p.s. you won't be able to use /health until final
> > > > > > > > > > > approval. It's
> > > > > > > > > > > important
> > > > > > > > > > > to get secure=1 tokens working with /h9 first.
>
> > > > > > > > > > > Eric
>
> > > > > > > > > > > > Thanks!- Hide quoted text -
>
> > > > > > > > > > > - Show quoted text -- Hide quoted text -
>
> > > > > > > > > - Show quoted text -- Hide quoted text -
>
> > > > > > > - Show quoted text -- Hide quoted text -
>
> > > > > - Show quoted text -- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> > - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Health Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/googlehealthdevelopers?hl=en
-~----------~----~----~----~------~----~------~--~---
