Hi Bess, There have been other users that mentioned that their OAuth libraries have difficulties with OAuth 1.0. The differences between the two versions are somewhat minor, however. Besides when the callback is sent, the other difference between OAuth 1.0 and 1.0a that I forgot to mention is the oauth_verifier, which is returned in the callback and re-sent to get the access token. Google's OAuth documents are for OAuth 1.0a, so developers will need to be aware of these two differences when integrating with Health.
There are two difficulties with using OAuth and mobile devices. The first are domain credentials (private keys), which shouldn't be stored on mobile devices. Anonymous OAuth works without domain credentials; however, anonymous OAuth currently isn't supported by Health yet since it doesn't allow for data attribution. With anonymous OAuth, the other issue is the second leg of the OAuth dance, where an OAuth service uses a URL sent from the client to return the request token and verifier. There are two options to deal with this that I know of (maybe more with OAuth WRAP or v2.0). The first is to use an "out of band" (oob) callback, which will display the oauth_token and oauth_verfier in a web page and ask a user to copy and paste them. The other is to use a bogus callback URL and have the embedded browser grab the OAuth request parameters before it tries to render the page. We are working to release example code to make Health/mobile integration easier, and will definitely keep the community informed of any advances! Cheers! Paul On Jul 28, 11:38 pm, Bess Ho <[email protected]> wrote: > Thanks Paul. This may explain how Android couldn't use Google OAuth for > Google Health until Google Health OAuth is upgraded to OAuth 1.0a and able > to use 3rd party OAuth Java lib that is on 1.0a. > > > > > > On Wed, Jul 28, 2010 at 7:38 PM, Paul (Google) <[email protected]> wrote: > > Hi Hari, > > > You use the same feeds when you authenticate with OAuth and AuthSub. > > The only difference is what you put in the "Authorization" header. > > > Bess: You're correct; AuthSub is initially easier to work with, and > > can be helpful for getting up to speed with Google's authorization > > services. For OAuth, Health currently supports OAuth 1.0, but not > > 1.0a, which means that the oauth_callback is sent in the second leg > > (1.0), not the first (1.0a). Also, Health requires RSA-SHA1 signing, > > so a client must have a verified X.509 certificate registered with > > Google. > > > I hope these tips help! Definitely let us know how it goes, Hari! > > > Paul > > > On Jul 21, 2:29 am, Bess Ho <[email protected]> wrote: > > > Hari, > > > > This is what I know but I am not sure this is more updated. Authsub is > > the > > > most comprehensive method for GH. GH support on OAuth is "?". I refer to > > the > > > degree of supporting everything. I heard GH support OAuth 1.0a but not > > OAuth > > > 2.0 yet. > > > > I would suggest you to try Authsub first. Once you get good results, then > > > try OAuth. > > > > On Tue, Jul 20, 2010 at 9:21 PM, Hari <[email protected]> wrote: > > > > Hi paul, > > > > > Thanks for your kind reply. > > > > > Given links are tells about authSub Feeds right?, but I am expecting > > > > oauth feeds for accessing (google health)CCR xml file. i have little > > > > confused, Is this feeds are common for both authsub and oauth? could > > > > you please clear me and give a sample code for access google health > > > > ccr file... > > > > > Thanks in advance > > > > > On Jul 20, 11:57 pm, "Paul (Google)" <[email protected]> wrote: > > > > > Hello Hari, > > > > > > The error indicates that the scope you're using to retrieve the OAuth > > > > > request token is too broad. You can find the correct scope and > > > > > service name in the table at the following location: > > > > > >http://code.google.com/apis/health/getting_started.html#Differences > > > > > > For the available Health feeds, you might want to look at: > > > > > >http://code.google.com/apis/health/docs/2.0/reference.html#Feeds > > > > > > Cheers! > > > > > > Paul (Google) > > > > > > On Jul 20, 5:15 am, Hari <[email protected]> wrote: > > > > > > > Dear Friends, > > > > > > > Today only we are register our domain in google. if i try to > > access > > > > > > user's CCR file from google through oauth, i got below Error > > > > > > > " > > > > > > We're sorry, an error has occurred. Please see the Google > > Health > > > > > > Help Center for assistance. > > > > > > > Sharing denied: Scope is too broad, please restrict > > > > towww.google.com/health/feedsornarrower. " > > > > > > > any body please give me a solution for this, and i got a sample > > code > > > > > > for access 1.Blogger, 2. Calendar, 3. Contacts, 4. Finance, 5. > > Picasa. > > > > > > These are working fine, but google health is not working, could you > > > > > > please > > > > > > any body tell me, What is the GoogleHealthService's scope, feedUrl > > and > > > > > > googleServiceName ??? > > > > > > > Thanks in advance > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Google Health Developers" group. > > > > To post to this group, send email to > > > > [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]<googlehealthdevelopers% > > > > [email protected]><googlehealthdevelopers% > > [email protected]> > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/googlehealthdevelopers?hl=en. > > > > -- > > > Bess Ho > > > UI Architect / Developer / Designer > > > iPhone Developer > > > Silicon Valley Web Builder (SVWB) Founder > > > > The information transmitted is intended only for the person or entity to > > > which it is addressed and may contain CONFIDENTIAL material. If you > > receive > > > this material/information in error, please contact the sender and delete > > or > > > destroy the material/information. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Health Developers" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<googlehealthdevelopers% > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/googlehealthdevelopers?hl=en. > > -- > Bess Ho > UI Architect / Developer / Designer > iPhone Developer > Silicon Valley Web Builder (SVWB) Founder > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain CONFIDENTIAL material. If you receive > this material/information in error, please contact the sender and delete or > destroy the material/information. -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
