I have been attempting to implement Federated Login to Google Health H9 following the instructions below:
Implement federated login. (optional) If you're implementing federated login, you may want to use the hybrid protocol to combine the two authentication processes. With OpenID+OAuth, the tasks of getting a request token and authorizing it are handled using the OpenID request with OAuth extensions. As with OAuthGetRequestToken, these extensions are used to identify the Google services to be accessed. A successful response to the OpenID request contains an authorized request token. Once this token is received, use OAuthGetAccessToken to exchange it for an access token.

I start by redirecting the user to the OpenID endpoint (https://www.google.com/accounts/o8/ud) with the proper OAuth extension attributes, including the H9 scope (openid.ext2.scope=https://www.google.com/h9/feeds/). The user is prompted to log in and allow access to Weaver (H9). When the user selects Allow, they are redirected back to my site with a valid request token. That request token is then submitted to the OAuthGetAccessToken interface (https://www.google.com/accounts/OAuthGetAccessToken), which responds back with an oauth_token and oauth_token_secret. According to all documentation, that token should be used to request data from Google services. When I attempt to use this token to request a Google Health Profile (https://www.google.com/h9/feeds/profile/default), I receive a (401) Unauthorized error.

I need to do more testing, but I believe this may be related to the mysterious undocumented permission parameter. When I attempted to follow the full OAuth dance, I redirected the user to OAuthAuthorizeToken (https://www.google.com/accounts/OAuthAuthorizeToken), which then redirected the user to H9 (https://www.google.com/h9/oauth). The user was prompted to confirm linking of accounts but was told the domain would NOT be able to see any information in your profile.
After reading a few other group threads, I decided to add &permission=1 to the OAuthAuthorizeToken link, which forwarded the parameter to the H9 link. Magically, the user was prompted that the domain would have read access to their entire profile. When I attempted to add this parameter to the OpenID endpoint link, it did not fix the (401) Unauthorized error.

Any guidance on using Federated Login with Google Health would be greatly appreciated. I intend to use Google Accounts to control access to our site, and it would be easier on the user flow if they did not have to approve the access twice. Let me know if there is something in the documentation I missed, a bug, or undocumented feature I can take advantage of. Thanks!
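The hybrid OpenID+OAuth exchange described in the post, as an added example that is not part of the original message or Google's code: it builds the OpenID request carrying the OAuth extension and, on return, accepts the request token only if the extension field is listed in `openid.signed`. The consumer key, return URL, realm and token are hypothetical placeholders, and verifying the assertion signature itself is assumed to happen elsewhere.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

OPENID_ENDPOINT = "https://www.google.com/accounts/o8/ud"  # from the post
H9_SCOPE = "https://www.google.com/h9/feeds/"              # from the post
OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0"
ID_SELECT = OPENID_NS + "/identifier_select"

def build_hybrid_request(consumer_key, return_to, realm, alias="ext2"):
    """Build the OpenID request URL that carries the OAuth extension."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": ID_SELECT,
        "openid.identity": ID_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns." + alias: OAUTH_EXT_NS,
        "openid.%s.consumer" % alias: consumer_key,
        "openid.%s.scope" % alias: H9_SCOPE,
    }
    return OPENID_ENDPOINT + "?" + urlencode(params)

def extract_request_token(return_url):
    """Return (request_token, echoed_scopes) from the return_to URL."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(return_url).query).items()}
    if q.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    # The provider chooses the alias in its response: resolve it by namespace.
    alias = next((k[len("openid.ns."):] for k, v in q.items()
                  if k.startswith("openid.ns.") and v == OAUTH_EXT_NS), None)
    if alias is None:
        raise ValueError("no OAuth extension in response")
    # openid.signed lists covered fields without the "openid." prefix.
    signed = set(q.get("openid.signed", "").split(","))
    token = q.get("openid.%s.request_token" % alias)
    if alias + ".request_token" not in signed or not token:
        raise ValueError("request token missing or not covered by openid.signed")
    # Assumption: scopes are echoed space-separated; an unsigned echo is ignored.
    scopes = q.get("openid.%s.scope" % alias, "").split() if alias + ".scope" in signed else []
    return token, scopes

if __name__ == "__main__":
    # Constructed reply: site URL, alias and token are placeholders.
    reply = "https://example.com/return?" + urlencode({
        "openid.mode": "id_res", "openid.ns.ext1": OAUTH_EXT_NS,
        "openid.signed": "ns.ext1,ext1.request_token,ext1.scope",
        "openid.ext1.request_token": "SAMPLE_TOKEN", "openid.ext1.scope": H9_SCOPE})
    print(extract_request_token(reply))
```

The token returned here is still a request token; it has to be exchanged at OAuthGetAccessToken as the post describes.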
