Hi Erick, Thx for the suggestions. I've rewritten the code so that it only includes the OAuth parameters in the header but I still received the 401 error. So I used the the playground you linked to get an access token from your system. Once I got an access token I copied from the playground application to my application and was successfully able to fetch the requested data. At that point I was certain there must be something wrong with the token I've been saving. As it turns out I was escaping the token twice so / became %2F and then %252F and really was an invalid token. However now that I've fixed that little problem I get a new problem. I now get a 403 Forbidden Error (with no OAuth specific error message returned in the response). Can you tell me what conditions might cause your system to respond with a 403?
The full error message with the 403 is: HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=UTF-8 Transfer-Encoding: chunked Date: Mon, 06 Oct 2008 22:32:52 GMT Expires: Mon, 06 Oct 2008 22:32:52 GMT Cache-Control: private, max-age=0 Set-Cookie: S=weaver=xPHtYk1ZCLY; Domain=.google.com; Path=/ Server: GFE/1.3 Oops an error has occured. Please include the following information in your error report: AP52v_QbMeK9WKvER86KzJwDJnBeSAZpz6ITTJJn2oDzeC4dzOnMbW07pHj1tUakTPnqxRwRDT_x0_Z3-bYKgT7Rf4PwND-92IMdogyz2gJLKtsMfW9oeO79dhH-GlDKfryeFd1gJlC1TnfGCXNqwYv8KDgLTpw_p9HMIvaOwHA4AGRi9Qy0kLYpY99CuVnoiar1cG-P_TeLwNTU3RgzOFPrnaXCq2OSUQkg2fX7TCNAn9lFM4YwjxSJcMN19OjnuBxV6qCk5poNHwtochcP7SPBS9JpxiGuTlVui9Vf-WTQFvcwBLbdNLzI0r_e8PeR-AMA0IQ_E5-S3GDEJWXlKPm2_g4B0nRx4-iLX0LOun4SOIfwzq3YSllyRB-MDugEi4Y0TT8NYl_dDEt1oLDmTn7GhjL7HMQNV5FP3WDCldLZXrazodR65cvz2of7qUoUf6kFFTLugHB2du7pqNFjnxH-5i1orPgRIxy3xk4okTs0TPcl8nmjDGnzKuMl580E1tu9ZrAhaaHX_qGOIFB6886PRyBpiWXvbuF2ioAEEDXMGT3IXoNDKqL0-ESAP47PMMr5Ko6-pG0Uxhm99K0mhYyYtqtOHdDRYPERlU47xJT5E2rr4cwZ-pB4kgUlSGOmWdVWanpipdLN2JCkbKUk6CbN110TO977B--4J9HeBnVcG1CCmxzZnW1NfL0oW7SLpzPeHqspETD1-8oTwgCskaJu6c1IhFHtgl8QlsmL5LIABO8tBDwrcJ6KoU148K0umkWBUGRDp_nw0KQOrNgmm_Nvzvql2YvF9jpWT1aqmmNBA2xDhbaODMgqDWpfz-AuzQelSCXcKCkL6zBCujnxDTjy9UxsG-ZzUxXRuJkV29dxkC1cz2s2V3MwlbhFdbs6MqMXabhpxjBKqti5B1zkz9OTwuSxA1rATBrXcJyBPl5KbrykOw94D6vkDz2BrtJcDEKdygpYGSWIqlVeRAwno350VHj-NNPPh8n9vbV5HMSEzEOXzxVtnsOZ2XSbUvsrQda5eooHsLBZmDJD7K4YZWKvo1FUnqblCHsYPPYs5hcjmXpi69sbVwFmmgPBZxbvengvFgzFKSvPkeaE21_xFHkVjddvB-PCl4spQpgxQy4zmDiVMqS65n7hKD5jq7jCCAGnnGt7FUIn3UjGTKkFHTzeSnYNkyTtFZ5RITNZEHKub4UAiqZ8RFvlkhWJ8KOKhnpd5zxKuE2Ku7zYmvzCwCVk-UDfgGdYUaHQGwMEg0GEDTPysXPy4j3O3keGKTgx3gOL6zsS0CyJqqSJgq5XbfSwxt4R4ZtjlnDypnbrgnzdLnRhpRHWrO6gg8rGuQVd8AQnm3UQJTiysfFmP4G6zHbnSSQf0OVzVDfYxlPadEVvgmwLMygedNaVcEWMLp1XYMjVHkvj7oA1kLLI45XP9croamaCkU2Ajh5hy5MlZvcaCEP1naM6SYo= On Sun, Oct 5, 2008 at 7:19 PM, Eric (Google) <[EMAIL PROTECTED]> wrote: > > Hi Shawn, > > Are you still receiving 401's when querying the profiles feed? > > This may be an issue with your request and base string > not matching. I see you're sending the oauth_* parameters > in the Authorization header AND the query string. > Try using one or the other, but I recommend the Authorization > header. Your request would become: > > GET /h9/feeds/profile/default/-/medication > Authorization OAuth ... > > You can also test using the OAuth Playground to > help verify your base string and headers: > http://googlecodesamples.com/oauth_playground/ > > Note: change the oauth_consumer_key to your own > domain and enter your own private key by clicking > 'use your own private key' > > Regarding the AuthSub realm: > This is a known issue across all of the Google Data APIs > and we're working on getting that error message > updated--so you can ignore it. I assure you the request > is hitting the OAuth handler. > > Eric > > On Oct 3, 2:07 pm, Shawn Kessler <[EMAIL PROTECTED]> wrote: > > It's probably also important to note that my access token was > > authorized for scope=https://www.google.com/h9/feeds/ > > > > Thanks again, > > Shawn > > > > On Oct 3, 12:11 pm, "Shawn Kessler" <[EMAIL PROTECTED]> wrote: > > > > > One difference I noticed is that I wasn't including the oauth_version > in my > > > request. I've added that and have the same results. So now I have the > > > following request: > > > > >https://www.google.com/h9/feeds/profile/default/-/medication?oauth_to. > .. > > > > > And my header is: > > > GET > > > > /h9/feeds/profile/default/-/medication?oauth_token=1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_consumer_key= > www.pharmasurveyor.com > > > > &oauth_signature_method=RSA-SHA1&oauth_timestamp=1223060790&oauth_nonce=171594414794547&oauth_version=1.0&oauth_signature=qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D > > > Authorization: OAuth > > > oauth_token="1%252FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro", > > > oauth_consumer_key="www.pharmasurveyor.com", > > > oauth_signature_method="RSA-SHA1", oauth_timestamp="1223060790", > > > oauth_nonce="171594414794547", oauth_version="1.0", > > > > oauth_signature="qV1dkOSmzesJDe2CjITM9%2BzLH%2FLLbYkutNwT0BpVX%2BZfC7iljnFANyooi%2FIaKot5mYQNpPNVlexNKj4%2BNPurreaZ20BBA%2FzIZMXxRKPLMRGUr%2Fa2dxyHMRpEypTQ8WO8D%2FIal%2FHWQuZrxklBI7YeE7rPgTFiT97sAOOvsxUCTUM%3D" > > > User-Agent: Jakarta Commons-HttpClient/3.1 > > > Host:www.google.com > > > > > to which Google is responding with: > > > HTTP/1.1 401 Token invalid - Invalid AuthSub token. > > > WWW-Authenticate: AuthSub realm=" > http://www.google.com/accounts/AuthSubRequest"; > > > Content-Type: text/html; charset=UTF-8 > > > Date: Fri, 03 Oct 2008 19:07:44 GMT > > > Expires: Fri, 03 Oct 2008 19:07:44 GMT > > > Cache-Control: private, max-age=0 > > > Content-Length: 199 > > > Set-Cookie: S=weaver=7oYjORQ5cZc; Domain=.google.com; Path=/ > > > Server: GFE/1.3 > > > > > Do I need to set the realm to something specific in my header to use > OAuth? > > > I don't see that mentioned in the documentation anywhere but it still > looks > > > like my request keeps getting handled by the AuthSub request handler > instead > > > of the OAuth request handler. > > > > > Thanks again for any help. > > > > > Shawn > > > > > On Fri, Oct 3, 2008 at 9:30 AM, Shawn Kessler <[EMAIL PROTECTED]> > wrote: > > > > Thanks for the help Erick. This project had been put on hold but I'm > back > > > > to it now. I successfully registered the domain with h9 and can now > get an > > > > OAuth Access token. However I haven't been able to successfully > request any > > > > data with that token so I'm back looking for more help. I go through > the > > > > token exchange process and this is the final response I get from h9 > (during > > > > token exchange): > > > > > > > oauth_token=1%2FtpyFG2wRxCue1KA8RmQTMQwS51WsrmNKmhHfTNxEWro&oauth_token_secret=BJzcOyqnDYQNK%2BqhKySzGHga > > > > > > At this point I look in my h9 test user profile and see that my > account has > > > > been successfully linked. > > > > > > Now when I create a request for data like so: > > > > > > > https://www.google.com/h9/feeds/profile/default/-/medication?oauth_to... > > > > > > h9 responds with: > > > > HTTP/1.1 401 Token invalid - Invalid AuthSub token. > > > > WWW-Authenticate: AuthSub realm=" > > > >http://www.google.com/accounts/AuthSubRequest"; > > > > Content-Type: text/html; charset=UTF-8 > > > > Date: Fri, 03 Oct 2008 16:10:19 GMT > > > > Expires: Fri, 03 Oct 2008 16:10:19 GMT > > > > Cache-Control: private, max-age=0 > > > > Content-Length: 199 > > > > Set-Cookie: S=weaver=7OP11q2-f5c; Domain=.google.com; Path=/ > > > > Server: GFE/1.3 > > > > > > What's not 100% clear to me is if Google fully supports OAuth (from > token > > > > creation all the way through making requests for data) or if I can > only use > > > > the OAuth implementation to get the token but then have to revert to > AuthSub > > > > style requests for data (with the token I got via OAuth). > > > > > > I'm not sure what else to do, the code I'm using has worked > successfully > > > > with another OAuth provider and I don't appear to have any way from > my test > > > > user account to see what value Google has for my token (would this be > a > > > > useful debugging capability in h9?). Should I be using a different > URL when > > > > requesting data via OAuth; the error message makes it sound like > Google is > > > > expecting the parameters to be formatted in a manner that AuthSub > > > > understands which may not be the same as how OAuth wants them > formattted. > > > > Any help or suggestions here would be greatly appreciated. > > > > > > Shawn > > > > > > On Mon, Aug 25, 2008 at 1:33 PM, Eric (Google) <[EMAIL PROTECTED] > >wrote: > > > > > >> Hi Shawn, > > > > > >> Great questions. We currently don't have OAuth documented > > > >> for the Health API, so I'll try and answer your questions here. > > > > > >> On Aug 25, 10:34 am, Shawn Kessler <[EMAIL PROTECTED]> wrote: > > > >> > Hello, > > > > > >> > I'm currently trying to use the OAuth authentication with Google > > > >> > Health. I've done steps one through three that Jerry posted > (http:// > > > >> > > groups.google.com/group/googlehealthdevelopers/browse_thread/thread/ > > > >> > aa2482e8c76a84a7) but step > > > >> > four has stumped me. All of the documentation I can find on how to > use > > > >> > h9 seems to only directly apply to the SubAuth authentication with > > > >> > little notes about OAuth intermixed (notes like: "you can also use > > > >> > OAuth," which aren't incredibly helpful.) Is there some > documentation > > > >> > that gives step by step instructions on how to use h9 in > conjunction > > > >> > with OAuth? If not, perhaps my question can be answered here. As > of > > > >> > right now I have two domains registered on the "regular" Google > site. > > > >> > The domains are registered, verified and my certificate has been > > > >> > uploaded. I have a Java app running in Tomcat that is making a > > > >> > successful request tohttps:// > > > >>www.google.com/accounts/OAuthGetRequestToken?... > > > >> > scope=http%3A%2F%2Fwww.google.com > %2Fh9%2Ffeeds%2Fprofile%2Fdefault > > > > > >> You should use a broader scope, and for HTTPS: > > > >>https://www.google.com/h9/feeds/ > > > > > >> For example, if you usehttps:// > www.google.com/h9/feeds/profile/default, > > > >> your application won't be able to POST notices at > > > >>https://www.google.com/h9/feeds/register/default > > > > > >> > This request is returning successfully and eventually I'm > redirected > > > >> > to the weaver login page. When I login (with the account that has > been > > > >> > approved for testing) the browser displays an error page that > says: > > > > > >> > Error > > > >> > Invalid Usage > > > >> > Sharing denied: unregistered provider domain:www.mydomain.com > > > > > >> > I'm assuming the problem is that my domain isn't registered on > weaver, > > > >> > only on the real site. So two questions. 1) When testing on h9 > should > > > >> > I be using this URL: > > > >>https://www.google.com/accounts/OAuthGetRequestToken > > > >> > or should I be using something more likehttps:// > > > >>www.google.com/h9/accounts/OAuthGetRequestToken > > > >> > and 2) where do I register my domains so that they work on weaver > or > > > >> > do I have to usehttp://localhost?IfIhave to use localhost then I > > > >> > have a bunch of other questions but I'll wait for your initial > answers > > > >> > before going there. > > > > > >> 1.) You should use > https://www.google.com/accounts/OAuthGetRequestToken, > > > >> OAuthAuthorizeToken, and OAuthGetAccessToken for the token > endpoints. > > > >> You'll automatically be redirected from OAuthAuthorizeToken to > > > >> Health's > > > >> special oauth handler > > > >> athttps://www.google.com/(h9|health)/oauth<http://www.google.com/%28h9%7Chealth%29/oauth> > <https://www.google.com/%28h9%7Chealth%29/oauth> > > > > > >> 2.) The Health API has an additional registration process. > > > >> Send an email to [EMAIL PROTECTED] and include a list > of > > > >> the subdomains you plan to use. > > > > > >> > For the sake of testing my own theory I changed my code to use the > > > >> > real google health feed instead: > > > >>https://www.google.com/accounts/OAuthGetRequestToken?... > > > >> > scope=http%3A%2F%2Fwww.google.com > %2Fhealth%2Ffeeds%2Fprofile%2Fdefault > > > > > >> > This resulted in the exact same behavior (Invalid Usage error). > > > > > >> > I double checked my domains and they are registered with enhanced > > > >> > security and I followed the steps here: > > > >> > http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.... > > > >> > including step 5 (Test your registration status.), which > succeeded. > > > > > >> You have to be white-listed for API calls to /health, so only use > /h9 > > > >> URIs for now. > > > > > >> > If I change my oauth_consumer_key value fromwww.mydomain.comtoabad > > > >> > domain namewww.baddomain.comthenInever reach the login page (I get > > > >> > a bad oauth_consumer_key error before even getting the chance to > > > >> > login). So I feel confident that the authentication process is > > > >> > recognizing my domain but for some reason the domain isn't fully > > > >> > registered to be used with Google Health. I'm not sure what to do > to > > > >> > fix this. > > > > > >> > As reference I've read through these two pages: > > > >> > http://code.google.com/apis/accounts/docs/OAuth.htmlhttp://code.googl..... > > > >> .. > > > > > >> > Thanks for you help, > > > >> > Shawn > > > > > > -- > > > > Hate is baggage. > > > > > >http://www.robynkesslerphotography.com > > > > > -- > > > Hate is baggage. > > > > >http://www.robynkesslerphotography.com > > > -- Hate is baggage. http://www.robynkesslerphotography.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en -~----------~----~----~----~------~----~------~--~---
