Hi Aaron, You will need to save your OAuth token secret from the first leg (retrieve request token) for signing the request in the third leg (retrieve access token). Also, the realm and oauth_version parameters shouldn't be necessary, and if present, shouldn't cause an error, unless the oauth_version has an inappropriate value (i.e. not "1.0").
I've created an OAuth service class that hopefully takes some of the mystery out of authenticating. Feedback on it would be greatly appreciated! http://code.google.com/p/googlehealthsamples/source/browse/trunk/java/appengine/src/com/google/health/examples/appengine/oauth/OAuthService.java You'll need to use OAuth 1.0 (not 1.0a) for authenticating to H9 or Health, and although you can us non-anonymous HMAC-SHA1 with H9, you must the RSA-SHA1 with Health. Anonymous OAuth isn't supported on either, so you'll need to register your domain with the Health team. http://code.google.com/apis/health/getting_started.html#DomainRegistration The following is a lengthly thread on OAuth and Health, which includes notes on a couple of gotchas (OAuth 1.0 vs 1.0a, HMAC signing, etc.). http://groups.google.com/group/googlehealthdevelopers/browse_thread/thread/6b2381d1cef17dc8 I hope these help! Definitely let us know how it goes! Paul On Dec 20, 2:28 pm, Aaron Siri <[email protected]> wrote: > I'm having a lot of trouble accessing the default profile in H9 using > OAuth. I appear to get an access token but I can't use it to get any data. > > I'm using the GData APIs in Java with HMAC-SHA1 OAuth and a few things I've > noticed: > > 1. In the OAuth playground it looks like the the oauth_token_secret is not > used to access the resource but when I try to access the resource in my code > without it it complains that it isn't there. Does oauth_token_secret need > to be set? (I'm saving this away with the access token for reuse). When I > do set it I get the 401 Unknown authorization header message. > 2. The H9Service.getFeed(query,ProfileFeed.class) call that I'm using looks > like it puts a realm="" parameter into the authorization header but doesn't > put an oauth_version="1.0" parameter into the header. These both appear to > be different from what is done in the playground (where realm is not passed > but oauth_version is). Should that matter? How do I configure these using > the API? > > Walking through the steps in the OAuth playground using my info works fine > but it appears that the GData APIs calls the services a little differently. > > Any suggestions? Also, is there any way to get access to the actual URL and > headers that will be actually be used by getFeed() so I can see what is > going to be used? > > Thanks, > -Aaron -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
