Hi Shawn, Are you still receiving 401's when querying the profiles feed?
This may be an issue with your request and base string not matching. I see you're sending the oauth_* parameters in the Authorization header AND the query string. Try using one or the other, but I recommend the Authorization header. Your request would become: GET /h9/feeds/profile/default/-/medication Authorization OAuth ... You can also test using the OAuth Playground to help verify your base string and headers: http://googlecodesamples.com/oauth_playground/ Note: change the oauth_consumer_key to your own domain and enter your own private key by clicking 'use your own private key' Regarding the AuthSub realm: This is a known issue across all of the Google Data APIs and we're working on getting that error message updated--so you can ignore it. I assure you the request is hitting the OAuth handler. Eric On Oct 3, 2:07 pm, Shawn Kessler <[EMAIL PROTECTED]> wrote: > It's probably also important to note that my access token was > authorized for scope=https://www.google.com/h9/feeds/ > > Thanks again, > Shawn > > On Oct 3, 12:11 pm, "Shawn Kessler" <[EMAIL PROTECTED]> wrote: > > > One difference I noticed is that I wasn't including the oauth_version in my > > request. I've added that and have the same results. So now I have the > > following request: > > >https://www.google.com/h9/feeds/profile/default/-/medication?oauth_to... > > > And my header is: > > GET > > /h9/feeds/profile/default/-/medication?oauth_token=1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_consumer_key=www.pharmasurveyor.com > > &oauth_signature_method=RSA-SHA1&oauth_timestamp=1223060790&oauth_nonce=171594414794547&oauth_version=1.0&oauth_signature=qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D > > Authorization: OAuth > > oauth_token="1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro", > > oauth_consumer_key="www.pharmasurveyor.com", > > oauth_signature_method="RSA-SHA1", oauth_timestamp="1223060790", > > oauth_nonce="171594414794547", oauth_version="1.0", > > oauth_signature="qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D" > > User-Agent: Jakarta Commons-HttpClient/3.1 > > Host:www.google.com > > > to which Google is responding with: > > HTTP/1.1 401 Token invalid - Invalid AuthSub token. > > WWW-Authenticate: AuthSub > > realm="http://www.google.com/accounts/AuthSubRequest"; > > Content-Type: text/html; charset=UTF-8 > > Date: Fri, 03 Oct 2008 19:07:44 GMT > > Expires: Fri, 03 Oct 2008 19:07:44 GMT > > Cache-Control: private, max-age=0 > > Content-Length: 199 > > Set-Cookie: S=weaver=7oYjORQ5cZc; Domain=.google.com; Path=/ > > Server: GFE/1.3 > > > Do I need to set the realm to something specific in my header to use OAuth? > > I don't see that mentioned in the documentation anywhere but it still looks > > like my request keeps getting handled by the AuthSub request handler instead > > of the OAuth request handler. > > > Thanks again for any help. > > > Shawn > > > On Fri, Oct 3, 2008 at 9:30 AM, Shawn Kessler <[EMAIL PROTECTED]> wrote: > > > Thanks for the help Erick. This project had been put on hold but I'm back > > > to it now. I successfully registered the domain with h9 and can now get an > > > OAuth Access token. However I haven't been able to successfully request > > > any > > > data with that token so I'm back looking for more help. I go through the > > > token exchange process and this is the final response I get from h9 > > > (during > > > token exchange): > > > > oauth_token=1%2FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_token_secret=BJzcOyqnDYQNK%2BqhKySzGHga > > > > At this point I look in my h9 test user profile and see that my account > > > has > > > been successfully linked. > > > > Now when I create a request for data like so: > > > >https://www.google.com/h9/feeds/profile/default/-/medication?oauth_to... > > > > h9 responds with: > > > HTTP/1.1 401 Token invalid - Invalid AuthSub token. > > > WWW-Authenticate: AuthSub realm=" > > >http://www.google.com/accounts/AuthSubRequest"; > > > Content-Type: text/html; charset=UTF-8 > > > Date: Fri, 03 Oct 2008 16:10:19 GMT > > > Expires: Fri, 03 Oct 2008 16:10:19 GMT > > > Cache-Control: private, max-age=0 > > > Content-Length: 199 > > > Set-Cookie: S=weaver=7OP11q2-f5c; Domain=.google.com; Path=/ > > > Server: GFE/1.3 > > > > What's not 100% clear to me is if Google fully supports OAuth (from token > > > creation all the way through making requests for data) or if I can only > > > use > > > the OAuth implementation to get the token but then have to revert to > > > AuthSub > > > style requests for data (with the token I got via OAuth). > > > > I'm not sure what else to do, the code I'm using has worked successfully > > > with another OAuth provider and I don't appear to have any way from my > > > test > > > user account to see what value Google has for my token (would this be a > > > useful debugging capability in h9?). Should I be using a different URL > > > when > > > requesting data via OAuth; the error message makes it sound like Google is > > > expecting the parameters to be formatted in a manner that AuthSub > > > understands which may not be the same as how OAuth wants them formattted. > > > Any help or suggestions here would be greatly appreciated. > > > > Shawn > > > > On Mon, Aug 25, 2008 at 1:33 PM, Eric (Google) <[EMAIL PROTECTED]>wrote: > > > >> Hi Shawn, > > > >> Great questions. We currently don't have OAuth documented > > >> for the Health API, so I'll try and answer your questions here. > > > >> On Aug 25, 10:34 am, Shawn Kessler <[EMAIL PROTECTED]> wrote: > > >> > Hello, > > > >> > I'm currently trying to use the OAuth authentication with Google > > >> > Health. I've done steps one through three that Jerry posted (http:// > > >> > groups.google.com/group/googlehealthdevelopers/browse_thread/thread/ > > >> > aa2482e8c76a84a7) but step > > >> > four has stumped me. All of the documentation I can find on how to use > > >> > h9 seems to only directly apply to the SubAuth authentication with > > >> > little notes about OAuth intermixed (notes like: "you can also use > > >> > OAuth," which aren't incredibly helpful.) Is there some documentation > > >> > that gives step by step instructions on how to use h9 in conjunction > > >> > with OAuth? If not, perhaps my question can be answered here. As of > > >> > right now I have two domains registered on the "regular" Google site. > > >> > The domains are registered, verified and my certificate has been > > >> > uploaded. I have a Java app running in Tomcat that is making a > > >> > successful request tohttps:// > > >>www.google.com/accounts/OAuthGetRequestToken?... > > >> > scope=http%3A%2F%2Fwww.google.com%2Fh9%2Ffeeds%2Fprofile%2Fdefault > > > >> You should use a broader scope, and for HTTPS: > > >>https://www.google.com/h9/feeds/ > > > >> For example, if you usehttps://www.google.com/h9/feeds/profile/default, > > >> your application won't be able to POST notices at > > >>https://www.google.com/h9/feeds/register/default > > > >> > This request is returning successfully and eventually I'm redirected > > >> > to the weaver login page. When I login (with the account that has been > > >> > approved for testing) the browser displays an error page that says: > > > >> > Error > > >> > Invalid Usage > > >> > Sharing denied: unregistered provider domain:www.mydomain.com > > > >> > I'm assuming the problem is that my domain isn't registered on weaver, > > >> > only on the real site. So two questions. 1) When testing on h9 should > > >> > I be using this URL: > > >>https://www.google.com/accounts/OAuthGetRequestToken > > >> > or should I be using something more likehttps:// > > >>www.google.com/h9/accounts/OAuthGetRequestToken > > >> > and 2) where do I register my domains so that they work on weaver or > > >> > do I have to usehttp://localhost?IfIhave to use localhost then I > > >> > have a bunch of other questions but I'll wait for your initial answers > > >> > before going there. > > > >> 1.) You should use https://www.google.com/accounts/OAuthGetRequestToken, > > >> OAuthAuthorizeToken, and OAuthGetAccessToken for the token endpoints. > > >> You'll automatically be redirected from OAuthAuthorizeToken to > > >> Health's > > >> special oauth handler > > >> athttps://www.google.com/(h9|health)/oauth<https://www.google.com/%28h9%7Chealth%29/oauth> > > > >> 2.) The Health API has an additional registration process. > > >> Send an email to [EMAIL PROTECTED] and include a list of > > >> the subdomains you plan to use. > > > >> > For the sake of testing my own theory I changed my code to use the > > >> > real google health feed instead: > > >>https://www.google.com/accounts/OAuthGetRequestToken?... > > >> > scope=http%3A%2F%2Fwww.google.com%2Fhealth%2Ffeeds%2Fprofile%2Fdefault > > > >> > This resulted in the exact same behavior (Invalid Usage error). > > > >> > I double checked my domains and they are registered with enhanced > > >> > security and I followed the steps here: > > >>http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.... > > >> > including step 5 (Test your registration status.), which succeeded. > > > >> You have to be white-listed for API calls to /health, so only use /h9 > > >> URIs for now. > > > >> > If I change my oauth_consumer_key value fromwww.mydomain.comtoabad > > >> > domain namewww.baddomain.comthenInever reach the login page (I get > > >> > a bad oauth_consumer_key error before even getting the chance to > > >> > login). So I feel confident that the authentication process is > > >> > recognizing my domain but for some reason the domain isn't fully > > >> > registered to be used with Google Health. I'm not sure what to do to > > >> > fix this. > > > >> > As reference I've read through these two pages: > > >>http://code.google.com/apis/accounts/docs/OAuth.htmlhttp://code.googl..... > > >> .. > > > >> > Thanks for you help, > > >> > Shawn > > > > -- > > > Hate is baggage. > > > >http://www.robynkesslerphotography.com > > > -- > > Hate is baggage. > > >http://www.robynkesslerphotography.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
