Eric,
I implemented the non-client library version you sent me above, I
stopped from getting the error message! However, now I can not
actually send data to and from my tester account on h9. No error
messages are thrown, but the data never shows up in the account. If I
take out the non-client version and use "$_SESSION['GHAuthSubToken'] =
Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);" and set
secure = 0, it goes back to working.
I am calling the non-client version to set the session token with
"$_SESSION['GHAuthSubToken'] = signedGET('https://www.google.com/h9/
authsub', $_GET['token']);" and the data won't go through. I've also
tried $_SESSION['GHAuthSubToken'] = signedGET('https://www.google.com/
accounts/AuthSubSessionToken, $_GET['token']); with the same results.
Am I calling this incorrectly or is it impossible to send secure,
signed requests to h9?
Thanks for the help!
On Sep 22, 11:59 am, Ralph <[EMAIL PROTECTED]> wrote:
> I can get the myrsakey.pem to display on my browser. When I make it so
> it can not be found, I get just a white screen. Is there a way for me
> to check that the key and certificate definitely match?
>
> The full $authSubURL comes out
> ashttps://www.google.com/h9/authsub?next=http%3A%2F%2Flocalhost&scope=h....
> The code to generate it is:
>
> ------------------------------------------------------------------------
> function GHAuthenticate($linktext='', $next='') {
> // If there is no AuthSub session or one-timetokenwaiting for
> us,
> // redirect the user to the AuthSub server to get one.
> if (!isset($_SESSION['GHAuthSubToken']) && !isset($_GET['token']))
> {
> if (! $next) {
> //LIVE NEXT VAR
> //$next = getCurrentUrl();
>
> //DEVELOPMENT NEXT VAR
> $next = 'http://localhost';
> }
> if (! $linktext) {
> $linktext = 'click here';
> }
> //DEVELOPMENT SCOPE
> $scope = 'https://www.google.com/h9/feeds';
>
> //PRODUCTION SCOPE
> //$scope = 'https://www.google.com/health/feeds';
>
> $secure = 1;
> $session = 1;
> $permission = 1;
> $authSubURL = Zend_Gdata_AuthSub::getAuthSubTokenUri($next,
> $scope,
> $secure,
> $session);
>
> //COMMENT OUT FOR PRODUCTION
> $authSubURL = str_replace('/accounts/AuthSubRequest', '/h9/
> authsub',
> $authSubURL . '&permission=' .
> $permission);
>
> // Could be replaced with a redirect...
> echo '<h3 id="google-signup">We apologize for the
> inconvenience, but you must first signup for a Google Health account
> or link your current Google Health to your PassportMD account before
> using this service. Please <a href="' . $authSubURL . '">' .
> $linktext . '</a> to do so now.</h3>';
>
> return;
> }
>
> // Convert an AuthSub one-timetokeninto a sessiontokenif
> needed
> if (!isset($_SESSION['GHAuthSubToken']) && isset($_GET['token']))
> {
> $client = new Zend_Gdata_HttpClient();
> // This sets your private key to be used to sign subsequent
> requests
>
> $client->setAuthSubPrivateKeyFile('/var/www/vhosts/passportmd.com/
> httpdocs/devteam/app/interfaces/front/secure/secure_inc/getreal_lib/
> myrsakey.pem', null, true);
> $sessionToken =
> Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client);
> // Set the long-lived sessiontokenfor subsequent requests
> //$client->setAuthSubToken($sessionToken);
> //$_SESSION['GHAuthSubToken'] =
> Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);
> //return $client;
> $_SESSION['GHAuthSubToken'] = $sessionToken;
> //$_SESSION['GHAuthSubToken'] =
> $client->setAuthSubToken($sessionToken);
>
> //$_SESSION['GHAuthSubToken'] =
> Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);
> }
>
> return
> Zend_Gdata_AuthSub::getHttpClient($_SESSION['GHAuthSubToken']);}
>
> -----------------------------------------------------------------------------------------------
>
> I am going through the non-client library now.
>
> Thanks again for all this help!
>
> On Sep 21, 1:08 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > If yourtokenupgrade was working before, I suspect it's a problem
> > with the data signing. Can you do the following
> > as a sanity check:
>
> > - Make sure myrsakey.pem is readable by your web server
> > and actually being read.
>
> > - Post the full $authSubURL so I can take a look.
>
> > - Try this non-client library version to see if it
> > works:http://gdatatips.blogspot.com/2008/07/secure-authsub-in-php.html
>
> > Eric
>
> > On Sep 20, 2:02 pm, Ralph <[EMAIL PROTECTED]> wrote:
>
> > > Hi, Eric,
>
> > > 1. Yes we're registered with Google Health
> > > 2. Sorry for that, I was forcing secure =1 in the URL while I was
> > > testing so we could still demo the application on localhost with
> > > $secure=0.
>
> > > We're still getting the sameerror.
>
> > > Thanks,
>
> > > Ralph
>
> > > On Sep 19, 6:11 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > > Hi Ralph,
>
> > > > I noticed a couple of things:
>
> > > > 1.) Have you registered your domain(s) with Google Health?
> > > > Signed requests won't work from localhost. Please
> > > > visithttp://services.google.com/events/googhealthdevelopers
>
> > > > 2.) I noticed your snippet had $secure = 0. Make sure it's
> > > > $secure=1 when you switch back to signed requests.
>
> > > > Cheers,
> > > > eric
>
> > > > On Sep 19, 2:40 pm, Ralph <[EMAIL PROTECTED]> wrote:
>
> > > > > Hello,
>
> > > > > I keep getting a403InvalidTokenerrorwhen trying to set secure =
> > > > > 1. We need to test the secure tokens for the production environment.
> > > > > Our code works with secure = 0 and we've uploaded the x.509 cert to
> > > > > our Manage Domains section and you can see where we invoke it below
> > > > > with the setAuthSubPrivateKeyFile() function.
>
> > > > > I've tried editing the code and making changes with no success.
>
> > > > > Here is our function code:
> > > > > ---------------------------------------------------------------------------
> > > > > -----------------------------------
> > > > > function GHAuthenticate($linktext='', $next='') {
> > > > > // If there is no AuthSub session or one-timetokenwaiting for
> > > > > us,
> > > > > // redirect the user to the AuthSub server to get one.
> > > > > if (!isset($_SESSION['GHAuthSubToken']) && !isset($_GET['token']))
> > > > > {
> > > > > if (! $next) {
> > > > > //LIVE NEXT VAR
> > > > > //$next = getCurrentUrl();
>
> > > > > //DEVELOPMENT NEXT VAR
> > > > > $next = 'http://localhost';
> > > > > }
> > > > > if (! $linktext) {
> > > > > $linktext = 'click here';
> > > > > }
> > > > > //DEVELOPMENT SCOPE
> > > > > $scope = 'https://www.google.com/h9/feeds';
>
> > > > > //PRODUCTION SCOPE
> > > > > //$scope = 'https://www.google.com/health/feeds';
>
> > > > > $secure = 0;
> > > > > $session = 1;
> > > > > $permission = 1;
> > > > > $authSubURL = Zend_Gdata_AuthSub::getAuthSubTokenUri($next,
> > > > > $scope,
> > > > > $secure,
> > > > > $session);
>
> > > > > //COMMENT OUT FOR PRODUCTION
> > > > > $authSubURL = str_replace('/accounts/AuthSubRequest',
> > > > > '/h9/
> > > > > authsub',
> > > > > $authSubURL . '&permission=' .
> > > > > $permission);
>
> > > > > // Could be replaced with a redirect...
> > > > > echo '<h3 id="google-signup">We apologize for the
> > > > > inconvenience, but you must first signup for a Google Health account
> > > > > or link your current Google Health to your PassportMD account before
> > > > > using this service. Please <a href="' . $authSubURL . '">' .
> > > > > $linktext . '</a> to do so now.</h3>';
>
> > > > > return;
> > > > > }
>
> > > > > // Convert an AuthSub one-timetokeninto a sessiontokenif
> > > > > needed
> > > > > if (!isset($_SESSION['GHAuthSubToken']) && isset($_GET['token']))
> > > > > {
> > > > > $client = new Zend_Gdata_HttpClient();
> > > > > // This sets your private key to be used to sign
> > > > > subsequent
> > > > > requests
> > > > >
> > > > > $client->setAuthSubPrivateKeyFile('/var/www/vhosts/passportmd.com/
> > > > > httpdocs/devteam/app/interfaces/front/secure/secure_inc/getreal_lib/
> > > > > myrsakey.pem', null, true);
> > > > > $sessionToken =
> > > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client);
> > > > > // Set the long-lived sessiontokenfor subsequent
> > > > > requests
> > > > > //$client->setAuthSubToken($sessionToken);
> > > > > //$_SESSION['GHAuthSubToken'] =
> > > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);
> > > > > //return $client;
> > > > > $_SESSION['GHAuthSubToken'] = $sessionToken;
> > > > > //$_SESSION['GHAuthSubToken'] =
> > > > > $client->setAuthSubToken($sessionToken);
>
> > > > > //$_SESSION['GHAuthSubToken'] =
> > > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);
> > > > > }
>
> > > > > return
> > > > > Zend_Gdata_AuthSub::getHttpClient($_SESSION['GHAuthSubToken']);}
>
> > > > > ---------------------------------------------------------------------------
> > > > > -----------------------------------
>
> > > > > Here is the fullerrormessage:
> > > > > ---------------------------------------------------------------------------
> > > > > ---------------------------------
> > > > > Fatalerror: Uncaught exception 'Zend_Gdata_App_AuthException' with
> > > > > message 'Tokenupgrade failed. Reason: <HTML> <HEAD> <TITLE>Invalid
> > > > > AuthSubtoken.</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > > > > <H1>InvalidAuthSubtoken.</H1> <H2>Error403</H2> </BODY> </HTML> '
> > > > > in /var/www/vhosts/passportmd.com/httpdocs/devteam/app/interfaces/
> > > > > front/secure/secure_inc/getreal_lib/Zend/Zend/Gdata/AuthSub.php:135
> > > > > Stack trace: #0 /var/www/vhosts/passportmd.com/httpdocs/devteam/app/
> > > > > interfaces/front/secure/secure_inc/getreal_lib/pmdgh.php(86):
> > > > > Zend_Gdata_AuthSub::getAuthSubSessionToken('1/6oCp_fTfrVj9N...',
> > > > > Object(Zend_Gdata_HttpClient)) #1 /var/www/vhosts/passportmd.com/
> > > > > httpdocs/devteam/app/interfaces/front/secure/healthbio/sync/sync-
> > > > > google.php(69): GHAuthenticate() #2 {main} thrown in /var/www/vhosts/
> > > > > passportmd.com/httpdocs/devteam/app/interfaces/front/secure/secure_inc/
> > > > > getreal_lib/Zend/Zend/Gdata/AuthSub.php on line 135
> > > > > ---------------------------------------------------------------------------
> > > > > ----------------------------------
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Health Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/googlehealthdevelopers?hl=en
-~----------~----~----~----~------~----~------~--~---
