If your token upgrade was working before, I suspect it's a problem with the data signing. Can you do the following as a sanity check:
- Make sure myrsakey.pem is readable by your web server and actually being read. - Post the full $authSubURL so I can take a look. - Try this non-client library version to see if it works: http://gdatatips.blogspot.com/2008/07/secure-authsub-in-php.html Eric On Sep 20, 2:02 pm, Ralph <[EMAIL PROTECTED]> wrote: > Hi, Eric, > > 1. Yes we're registered with Google Health > 2. Sorry for that, I was forcing secure =1 in the URL while I was > testing so we could still demo the application on localhost with > $secure=0. > > We're still getting the same error. > > Thanks, > > Ralph > > On Sep 19, 6:11 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote: > > > Hi Ralph, > > > I noticed a couple of things: > > > 1.) Have you registered your domain(s) with Google Health? > > Signed requests won't work from localhost. Please > > visithttp://services.google.com/events/googhealthdevelopers > > > 2.) I noticed your snippet had $secure = 0. Make sure it's > > $secure=1 when you switch back to signed requests. > > > Cheers, > > eric > > > On Sep 19, 2:40 pm, Ralph <[EMAIL PROTECTED]> wrote: > > > > Hello, > > > > I keep getting a403InvalidTokenerrorwhen trying to set secure = > > > 1. We need to test the secure tokens for the production environment. > > > Our code works with secure = 0 and we've uploaded the x.509 cert to > > > our Manage Domains section and you can see where we invoke it below > > > with the setAuthSubPrivateKeyFile() function. > > > > I've tried editing the code and making changes with no success. > > > > Here is our function code: > > > --------------------------------------------------------------------------- > > > ----------------------------------- > > > function GHAuthenticate($linktext='', $next='') { > > > // If there is no AuthSub session or one-timetokenwaiting for > > > us, > > > // redirect the user to the AuthSub server to get one. > > > if (!isset($_SESSION['GHAuthSubToken']) && !isset($_GET['token'])) > > > { > > > if (! $next) { > > > //LIVE NEXT VAR > > > //$next = getCurrentUrl(); > > > > //DEVELOPMENT NEXT VAR > > > $next = 'http://localhost'; > > > } > > > if (! $linktext) { > > > $linktext = 'click here'; > > > } > > > //DEVELOPMENT SCOPE > > > $scope = 'https://www.google.com/h9/feeds'; > > > > //PRODUCTION SCOPE > > > //$scope = 'https://www.google.com/health/feeds'; > > > > $secure = 0; > > > $session = 1; > > > $permission = 1; > > > $authSubURL = Zend_Gdata_AuthSub::getAuthSubTokenUri($next, > > > $scope, > > > $secure, > > > $session); > > > > //COMMENT OUT FOR PRODUCTION > > > $authSubURL = str_replace('/accounts/AuthSubRequest', > > > '/h9/ > > > authsub', > > > $authSubURL . '&permission=' . > > > $permission); > > > > // Could be replaced with a redirect... > > > echo '<h3 id="google-signup">We apologize for the > > > inconvenience, but you must first signup for a Google Health account > > > or link your current Google Health to your PassportMD account before > > > using this service. Please <a href="' . $authSubURL . '">' . > > > $linktext . '</a> to do so now.</h3>'; > > > > return; > > > } > > > > // Convert an AuthSub one-timetokeninto a sessiontokenif > > > needed > > > if (!isset($_SESSION['GHAuthSubToken']) && isset($_GET['token'])) > > > { > > > $client = new Zend_Gdata_HttpClient(); > > > // This sets your private key to be used to sign > > > subsequent > > > requests > > > > > > $client->setAuthSubPrivateKeyFile('/var/www/vhosts/passportmd.com/ > > > httpdocs/devteam/app/interfaces/front/secure/secure_inc/getreal_lib/ > > > myrsakey.pem', null, true); > > > $sessionToken = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client); > > > // Set the long-lived sessiontokenfor subsequent requests > > > //$client->setAuthSubToken($sessionToken); > > > //$_SESSION['GHAuthSubToken'] = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); > > > //return $client; > > > $_SESSION['GHAuthSubToken'] = $sessionToken; > > > //$_SESSION['GHAuthSubToken'] = > > > $client->setAuthSubToken($sessionToken); > > > > //$_SESSION['GHAuthSubToken'] = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); > > > } > > > > return > > > Zend_Gdata_AuthSub::getHttpClient($_SESSION['GHAuthSubToken']);} > > > > --------------------------------------------------------------------------- > > > ----------------------------------- > > > > Here is the fullerrormessage: > > > --------------------------------------------------------------------------- > > > --------------------------------- > > > Fatalerror: Uncaught exception 'Zend_Gdata_App_AuthException' with > > > message 'Tokenupgrade failed. Reason: <HTML> <HEAD> <TITLE>Invalid > > > AuthSubtoken.</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> > > > <H1>InvalidAuthSubtoken.</H1> <H2>Error403</H2> </BODY> </HTML> ' > > > in /var/www/vhosts/passportmd.com/httpdocs/devteam/app/interfaces/ > > > front/secure/secure_inc/getreal_lib/Zend/Zend/Gdata/AuthSub.php:135 > > > Stack trace: #0 /var/www/vhosts/passportmd.com/httpdocs/devteam/app/ > > > interfaces/front/secure/secure_inc/getreal_lib/pmdgh.php(86): > > > Zend_Gdata_AuthSub::getAuthSubSessionToken('1/6oCp_fTfrVj9N...', > > > Object(Zend_Gdata_HttpClient)) #1 /var/www/vhosts/passportmd.com/ > > > httpdocs/devteam/app/interfaces/front/secure/healthbio/sync/sync- > > > google.php(69): GHAuthenticate() #2 {main} thrown in /var/www/vhosts/ > > > passportmd.com/httpdocs/devteam/app/interfaces/front/secure/secure_inc/ > > > getreal_lib/Zend/Zend/Gdata/AuthSub.php on line 135 > > > --------------------------------------------------------------------------- > > > ---------------------------------- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
