One difference I noticed is that I wasn't including the oauth_version in my request. I've added that and have the same results. So now I have the following request:
https://www.google.com/h9/feeds/profile/default/-/medication?oauth_token=1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_consumer_key=www.pharmasurveyor.com&oauth_signature_method=RSA-SHA1&oauth_timestamp=1223060790&oauth_nonce=171594414794547&oauth_version=1.0&oauth_signature=qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D And my header is: GET /h9/feeds/profile/default/-/medication?oauth_token=1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_consumer_key= www.pharmasurveyor.com &oauth_signature_method=RSA-SHA1&oauth_timestamp=1223060790&oauth_nonce=171594414794547&oauth_version=1.0&oauth_signature=qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D Authorization: OAuth oauth_token="1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro", oauth_consumer_key="www.pharmasurveyor.com", oauth_signature_method="RSA-SHA1", oauth_timestamp="1223060790", oauth_nonce="171594414794547", oauth_version="1.0", oauth_signature="qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D" User-Agent: Jakarta Commons-HttpClient/3.1 Host: www.google.com to which Google is responding with: HTTP/1.1 401 Token invalid - Invalid AuthSub token. WWW-Authenticate: AuthSub realm=" http://www.google.com/accounts/AuthSubRequest"; Content-Type: text/html; charset=UTF-8 Date: Fri, 03 Oct 2008 19:07:44 GMT Expires: Fri, 03 Oct 2008 19:07:44 GMT Cache-Control: private, max-age=0 Content-Length: 199 Set-Cookie: S=weaver=7oYjORQ5cZc; Domain=.google.com; Path=/ Server: GFE/1.3 Do I need to set the realm to something specific in my header to use OAuth? I don't see that mentioned in the documentation anywhere but it still looks like my request keeps getting handled by the AuthSub request handler instead of the OAuth request handler. Thanks again for any help. Shawn On Fri, Oct 3, 2008 at 9:30 AM, Shawn Kessler <[EMAIL PROTECTED]> wrote: > Thanks for the help Erick. This project had been put on hold but I'm back > to it now. I successfully registered the domain with h9 and can now get an > OAuth Access token. However I haven't been able to successfully request any > data with that token so I'm back looking for more help. I go through the > token exchange process and this is the final response I get from h9 (during > token exchange): > > > oauth_token=1%2FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_token_secret=BJzcOyqnDYQNK%2BqhKySzGHga > > At this point I look in my h9 test user profile and see that my account has > been successfully linked. > > Now when I create a request for data like so: > > > https://www.google.com/h9/feeds/profile/default/-/medication?oauth_token=1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_consumer_key=www.pharmasurveyor.com&oauth_signature_method=RSA-SHA1&oauth_timestamp=1223050147&oauth_nonce=160950110839785&oauth_signature=DwwfNrZSfa%2BHFdDNUS373Bm2lGxGgt3AaZXTUTWvumUeClM9uQOlYe8c5sQATRhoQb4hm%2F3hPJed823Vg8NOvfwxS2rODrTMP6S9BW%2B%2BhLyRq5PmtqSrDXgXToBq9yuAZCyx8EhxAbyP53fO292iO4tegrdqS8zzdsr1R%2BS8qIM%3D > > h9 responds with: > HTTP/1.1 401 Token invalid - Invalid AuthSub token. > WWW-Authenticate: AuthSub realm=" > http://www.google.com/accounts/AuthSubRequest"; > Content-Type: text/html; charset=UTF-8 > Date: Fri, 03 Oct 2008 16:10:19 GMT > Expires: Fri, 03 Oct 2008 16:10:19 GMT > Cache-Control: private, max-age=0 > Content-Length: 199 > Set-Cookie: S=weaver=7OP11q2-f5c; Domain=.google.com; Path=/ > Server: GFE/1.3 > > What's not 100% clear to me is if Google fully supports OAuth (from token > creation all the way through making requests for data) or if I can only use > the OAuth implementation to get the token but then have to revert to AuthSub > style requests for data (with the token I got via OAuth). > > I'm not sure what else to do, the code I'm using has worked successfully > with another OAuth provider and I don't appear to have any way from my test > user account to see what value Google has for my token (would this be a > useful debugging capability in h9?). Should I be using a different URL when > requesting data via OAuth; the error message makes it sound like Google is > expecting the parameters to be formatted in a manner that AuthSub > understands which may not be the same as how OAuth wants them formattted. > Any help or suggestions here would be greatly appreciated. > > Shawn > > > > On Mon, Aug 25, 2008 at 1:33 PM, Eric (Google) <[EMAIL PROTECTED]>wrote: > >> >> Hi Shawn, >> >> Great questions. We currently don't have OAuth documented >> for the Health API, so I'll try and answer your questions here. >> >> On Aug 25, 10:34 am, Shawn Kessler <[EMAIL PROTECTED]> wrote: >> > Hello, >> > >> > I'm currently trying to use the OAuth authentication with Google >> > Health. I've done steps one through three that Jerry posted (http:// >> > groups.google.com/group/googlehealthdevelopers/browse_thread/thread/ >> > aa2482e8c76a84a7) but step >> > four has stumped me. All of the documentation I can find on how to use >> > h9 seems to only directly apply to the SubAuth authentication with >> > little notes about OAuth intermixed (notes like: "you can also use >> > OAuth," which aren't incredibly helpful.) Is there some documentation >> > that gives step by step instructions on how to use h9 in conjunction >> > with OAuth? If not, perhaps my question can be answered here. As of >> > right now I have two domains registered on the "regular" Google site. >> > The domains are registered, verified and my certificate has been >> > uploaded. I have a Java app running in Tomcat that is making a >> > successful request tohttps:// >> www.google.com/accounts/OAuthGetRequestToken?... >> > scope=http%3A%2F%2Fwww.google.com%2Fh9%2Ffeeds%2Fprofile%2Fdefault >> >> You should use a broader scope, and for HTTPS: >> https://www.google.com/h9/feeds/ >> >> For example, if you use https://www.google.com/h9/feeds/profile/default, >> your application won't be able to POST notices at >> https://www.google.com/h9/feeds/register/default >> >> > >> > This request is returning successfully and eventually I'm redirected >> > to the weaver login page. When I login (with the account that has been >> > approved for testing) the browser displays an error page that says: >> > >> > Error >> > Invalid Usage >> > Sharing denied: unregistered provider domain:www.mydomain.com >> > >> > I'm assuming the problem is that my domain isn't registered on weaver, >> > only on the real site. So two questions. 1) When testing on h9 should >> > I be using this URL: >> https://www.google.com/accounts/OAuthGetRequestToken >> > or should I be using something more likehttps:// >> www.google.com/h9/accounts/OAuthGetRequestToken >> > and 2) where do I register my domains so that they work on weaver or >> > do I have to usehttp://localhost?If I have to use localhost then I >> > have a bunch of other questions but I'll wait for your initial answers >> > before going there. >> >> 1.) You should use https://www.google.com/accounts/OAuthGetRequestToken, >> OAuthAuthorizeToken, and OAuthGetAccessToken for the token endpoints. >> You'll automatically be redirected from OAuthAuthorizeToken to >> Health's >> special oauth handler at >> https://www.google.com/(h9|health)/oauth<https://www.google.com/%28h9%7Chealth%29/oauth> >> >> 2.) The Health API has an additional registration process. >> Send an email to [EMAIL PROTECTED] and include a list of >> the subdomains you plan to use. >> >> > >> > For the sake of testing my own theory I changed my code to use the >> > real google health feed instead: >> https://www.google.com/accounts/OAuthGetRequestToken?... >> > scope=http%3A%2F%2Fwww.google.com%2Fhealth%2Ffeeds%2Fprofile%2Fdefault >> > >> > This resulted in the exact same behavior (Invalid Usage error). >> > >> > I double checked my domains and they are registered with enhanced >> > security and I followed the steps here: >> http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.... >> > including step 5 (Test your registration status.), which succeeded. >> >> You have to be white-listed for API calls to /health, so only use /h9 >> URIs for now. >> >> > >> > If I change my oauth_consumer_key value fromwww.mydomain.comto a bad >> > domain namewww.baddomain.comthen I never reach the login page (I get >> > a bad oauth_consumer_key error before even getting the chance to >> > login). So I feel confident that the authentication process is >> > recognizing my domain but for some reason the domain isn't fully >> > registered to be used with Google Health. I'm not sure what to do to >> > fix this. >> > >> > As reference I've read through these two pages: >> http://code.google.com/apis/accounts/docs/OAuth.htmlhttp://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.. >> .. >> > >> > Thanks for you help, >> > Shawn >> >> >> > > > -- > Hate is baggage. > > http://www.robynkesslerphotography.com > -- Hate is baggage. http://www.robynkesslerphotography.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
