The Hybrid protocol is not available with the Health API at the moment: http://groups.google.com/group/googlehealthdevelopers/browse_thread/thread/04b084a5eab38ded/82f147404fc5679b?hl=en#82f147404fc5679b
Eric

On Apr 30, 3:25 pm, jgordon <[email protected]> wrote:
> I have been attempting to implement Federated Login to Google Health H9 following the instructions below:
>
> Implement federated login. (optional)
> If you're implementing federated login, you may want to use the hybrid protocol to combine the two authentication processes. With OpenID+OAuth, the tasks of getting a request token and authorizing it are handled using the OpenID request with OAuth extensions. As with OAuthGetRequestToken, these extensions are used to identify the Google services to be accessed. A successful response to the OpenID request contains an authorized request token. Once this token is received, use OAuthGetAccessToken to exchange it for an access token.
>
> I start by redirecting the user to the OpenID endpoint (https://www.google.com/accounts/o8/ud) with the proper OAuth extension attributes including the H9 scope (openid.ext2.scope=https://www.google.com/h9/feeds/). The user is prompted to log in and allow access to Weaver (H9). When the user selects Allow they are redirected back to my site with a valid request token. That request token is then submitted to the OAuthGetAccessToken interface (https://www.google.com/accounts/OAuthGetAccessToken) which responds back with an oauth_token and oauth_token_secret. According to all documentation that token should be used to request data from Google services.
>
> When I attempt to use this token to request a Google Health Profile (https://www.google.com/h9/feeds/profile/default) I receive a (401) Unauthorized error. I need to do more testing but I believe this may be related to the mysterious undocumented permission parameter.
>
> When I attempted to follow the full OAuth dance I redirected the user to OAuthAuthorizeToken (https://www.google.com/accounts/OAuthAuthorizeToken) which then redirected the user to H9 (https://www.google.com/h9/oauth). The user was prompted to confirm linking of accounts but was told the domain would NOT be able to see any information in your profile. After reading a few other group threads I decided to add &permission=1 to the OAuthAuthorizeToken link which forwarded the parameter to the H9 link. Magically the user was prompted that the domain would have read access to their entire profile. When I attempted to add this parameter to the OpenID endpoint link it did not fix the (401) Unauthorized error.
>
> Any guidance on using Federated Login with Google Health would be greatly appreciated. I intend to use Google Accounts to control access to our site and it would be easier on the user flow if they did not have to approve the access twice. Let me know if there is something in the documentation I missed, a bug, or undocumented feature I can take advantage of. Thanks!
