Eric, You were correct. Thanks for the help!
I am, however, confused in how to test signed requests. I have already registered our domain at https://www.google.com/accounts/ManageDomains and it is active. As far as I understand it, in order to become registered for production, we need to fill out the form at http://services.google.com/events/googhealthservices. But that form asks you to verify that our application works with signed requests. How can I verify this if we can't send signed requests on localhost for our development environment and if we can't get past the unregistered domain message on our production environment? Is there an approved domain we can use with our development environment to test? Thanks again. On Sep 22, 5:07 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote: > I think the problem is that you're still usinghttp://localhostas your next > url ($next = 'http://localhost';) > > $next needs to be set to your registered domain. > localhost won't work with signed requests. > Should you uncomment $next = getCurrentUrl();? > > Your AuthSub link will look something > like:https://www.google.com/h9/authsub?next=http://www.yourtestdomain.com/... > > Note: This link will give an "Invalidusage" error > becausewww.yourtestdomain.comisn't registered with Health. > > Eric > > On Sep 22, 11:32 am, Ralph <[EMAIL PROTECTED]> wrote: > > > Eric, > > > I implemented the non-client library version you sent me above, I > > stopped from getting the error message! However, now I can not > > actually send data to and from my tester account on h9. No error > > messages are thrown, but the data never shows up in the account. If I > > take out the non-client version and use "$_SESSION['GHAuthSubToken'] = > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']);" and set > > secure = 0, it goes back to working. > > > I am calling the non-client version to set the session token with > > "$_SESSION['GHAuthSubToken'] = signedGET('https://www.google.com/h9/ > > authsub', $_GET['token']);" and the data won't go through. I've also > > tried $_SESSION['GHAuthSubToken'] = signedGET('https://www.google.com/ > > accounts/AuthSubSessionToken, $_GET['token']); with the same results. > > > Am I calling this incorrectly or is it impossible to send secure, > > signed requests to h9? > > > Thanks for the help! > > > On Sep 22, 11:59 am, Ralph <[EMAIL PROTECTED]> wrote: > > > > I can get the myrsakey.pem to display on my browser. When I make it so > > > it can not be found, I get just a white screen. Is there a way for me > > > to check that the key and certificate definitely match? > > > > The full $authSubURL comes out > > > ashttps://www.google.com/h9/authsub?next=http%3A%2F%2Flocalhost&scope=h.... > > > The code to generate it is: > > > > ------------------------------------------------------------------------ > > > function GHAuthenticate($linktext='', $next='') { > > > // If there is no AuthSub session or one-timetokenwaiting for > > > us, > > > // redirect the user to the AuthSub server to get one. > > > if (!isset($_SESSION['GHAuthSubToken']) && !isset($_GET['token'])) > > > { > > > if (! $next) { > > > //LIVE NEXT VAR > > > //$next = getCurrentUrl(); > > > > //DEVELOPMENT NEXT VAR > > > $next = 'http://localhost'; > > > } > > > if (! $linktext) { > > > $linktext = 'click here'; > > > } > > > //DEVELOPMENT SCOPE > > > $scope = 'https://www.google.com/h9/feeds'; > > > > //PRODUCTION SCOPE > > > //$scope = 'https://www.google.com/health/feeds'; > > > > $secure = 1; > > > $session = 1; > > > $permission = 1; > > > $authSubURL = Zend_Gdata_AuthSub::getAuthSubTokenUri($next, > > > $scope, > > > $secure, > > > $session); > > > > //COMMENT OUT FOR PRODUCTION > > > $authSubURL = str_replace('/accounts/AuthSubRequest', > > > '/h9/ > > > authsub', > > > $authSubURL . '&permission=' . > > > $permission); > > > > // Could be replaced with a redirect... > > > echo '<h3 id="google-signup">We apologize for the > > > inconvenience, but you must first signup for a Google Health account > > > or link your current Google Health to your PassportMD account before > > > using this service. Please <a href="' . $authSubURL . '">' . > > > $linktext . '</a> to do so now.</h3>'; > > > > return; > > > } > > > > // Convert an AuthSub one-timetokeninto a sessiontokenif > > > needed > > > if (!isset($_SESSION['GHAuthSubToken']) && isset($_GET['token'])) > > > { > > > $client = new Zend_Gdata_HttpClient(); > > > // This sets your private key to be used to sign > > > subsequent > > > requests > > > > > > $client->setAuthSubPrivateKeyFile('/var/www/vhosts/passportmd.com/ > > > httpdocs/devteam/app/interfaces/front/secure/secure_inc/getreal_lib/ > > > myrsakey.pem', null, true); > > > $sessionToken = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client); > > > // Set the long-lived sessiontokenfor subsequent requests > > > //$client->setAuthSubToken($sessionToken); > > > //$_SESSION['GHAuthSubToken'] = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); > > > //return $client; > > > $_SESSION['GHAuthSubToken'] = $sessionToken; > > > //$_SESSION['GHAuthSubToken'] = > > > $client->setAuthSubToken($sessionToken); > > > > //$_SESSION['GHAuthSubToken'] = > > > Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token']); > > > } > > > > return > > > Zend_Gdata_AuthSub::getHttpClient($_SESSION['GHAuthSubToken']);} > > > > ----------------------------------------------------------------------------------------------- > > > > I am going through the non-client library now. > > > > Thanks again for all this help! > > > > On Sep 21, 1:08 am, "Eric (Google)" <[EMAIL PROTECTED]> wrote: > > > > > If yourtokenupgrade was working before, I suspect it's a problem > > > > with the data signing. Can you do the following > > > > as a sanity check: > > > > > - Make sure myrsakey.pem is readable by your web server > > > > and actually being read. > > > > > - Post the full $authSubURL so I can take a look. > > > > > - Try this non-client library version to see if it > > > > works:http://gdatatips.blogspot.com/2008/07/secure-authsub-in-php.html > > > > > Eric > > > > > On Sep 20, 2:02 pm, Ralph <[EMAIL PROTECTED]> wrote: > > > > > > Hi, Eric, > > > > > > 1. Yes we're registered with Google Health > > > > > 2. Sorry for that, I was forcing secure =1 in the URL while I was > > > > > testing so we could still demo the application on localhost with > > > > > $secure=0. > > > > > > We're still getting the sameerror. > > > > > > Thanks, > > > > > > Ralph > > > > > > On Sep 19, 6:11 pm, "Eric (Google)" <[EMAIL PROTECTED]> wrote: > > > > > > > Hi Ralph, > > > > > > > I noticed a couple of things: > > > > > > > 1.) Have you registered your domain(s) with Google Health? > > > > > > Signed requests won't work from localhost. Please > > > > > > visithttp://services.google.com/events/googhealthdevelopers > > > > > > > 2.) I noticed your snippet had $secure = 0. Make sure it's > > > > > > $secure=1 when you switch back to signed requests. > > > > > > > Cheers, > > > > > > eric > > > > > > > On Sep 19, 2:40 pm, Ralph <[EMAIL PROTECTED]> wrote: > > > > > > > > Hello, > > > > > > > > I keep getting a403InvalidTokenerrorwhen trying to set secure = > > > > > > > 1. We need to test the secure tokens for the production > > > > > > > environment. > > > > > > > Our code works with secure = 0 and we've uploaded the x.509 cert > > > > > > > to > > > > > > > our Manage Domains section and you can see where we invoke it > > > > > > > below > > > > > > > with the setAuthSubPrivateKeyFile() function. > > > > > > > > I've tried editing the code and making changes with no success. > > > > > > > > Here is our function code: > > > > > > > --------------------------------------------------------------------------- > > > > > > > ----------------------------------- > > > > > > > function GHAuthenticate($linktext='', $next='') { > > > > > > > // If there is no AuthSub session or one-timetokenwaiting for > > > > > > > us, > > > > > > > // redirect the user to the AuthSub server to get one. > > > > > > > if (!isset($_SESSION['GHAuthSubToken']) && > > > > > > > !isset($_GET['token'])) > > > > > > > { > > > > > > > if (! $next) { > > > > > > > //LIVE NEXT VAR > > > > > > > //$next = getCurrentUrl(); > > > > > > > > //DEVELOPMENT NEXT VAR > > > > > > > $next = 'http://localhost'; > > > > > > > } > > > > > > > if (! $linktext) { > > > > > > > $linktext = 'click here'; > > > > > > > } > > > > > > > //DEVELOPMENT SCOPE > > > > > > > $scope = 'https://www.google.com/h9/feeds'; > > > > > > > > //PRODUCTION SCOPE > > > > > > > //$scope = 'https://www.google.com/health/feeds'; > > > > > > > > $secure = 0; > > > > > > > $session = 1; > > > > > > > $permission = 1; > > > > > > > $authSubURL = > > > > > > > Zend_Gdata_AuthSub::getAuthSubTokenUri($next, > > > > > > > $scope, > > > > > > > > > > > > > > $secure, > > > > > > > $session); > > > > > > > > //COMMENT OUT FOR PRODUCTION > > > > > > > $authSubURL = > > > > > > > str_replace('/accounts/AuthSubRequest', '/h9/ > > > > > > > authsub', > > > > > > > $authSubURL . '&permission=' . > > > > > > > $permission); > > > > > > > > // Could be replaced with a redirect... > > > > > > > echo '<h3 id="google-signup">We apologize for the > > > > > > > inconvenience, but you must first signup for a Google Health > > > > > > > account > > > > > > > or link your current Google Health to your PassportMD account > > > > > > > before > > > > > > > using this service. Please <a href="' . $authSubURL . '">' . > > > > > > > $linktext . '</a> to do so now.</h3>'; > > ... > > read more ยป --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
