Comments inline. On Jan 26, 3:54 pm, David Leangen <[email protected]> wrote: > Thank you, Eric. > > Comments below. > > 401 errors are typically due to encoding/escaping > > > problems with the signature base string. > > Understood. > > I am relying on the library to do all this magic for me. ;-) > > > It may be that your key/secret/token is being double > > encoded or not encoded at all. As a starting point, > > I would use the values returned by Blogger (as is). > > Well, the way I have things set up is that I am using the Java lib in the > OAuth project to obtain the AccessToken, and I save the AccessToken in my > own OAuthService so I can reference it later. So far, so good with that. > > So, using this code, and using the AccessToken already obtained by Google, I > try to access the Blogger service. I am depending on the libraries to do all > the magic for me (hey, that's what they're for, right?), so I guess it's > just a matter of understanding what the libraries expect of me. I tried > reading through the code, but there's too much magic involved for me to > understand easily. > > Using this code, this is almost exactly the same as the code in the example > you pointed out here: > > http://code.google.com/p/gdata-java-client/source/browse/trunk/java/s... > > GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters(); > // Using consumer key and consumer secret as provided by Google > (unencoded) > oauthParameters.setOAuthConsumerKey( myUnencodedConsumerKey ); > oauthParameters.setOAuthConsumerSecret( myUnencodedConsumerSecret ); > oauthParameters.setScope( "http://www.blogger.com/feeds/"; ); > OAuthSigner signer = new OAuthHmacSha1Signer(); > // Retrieve the unencoding token string saved to my OAuthService > String token = oauthService.getToken(); > oauthParameters.setOAuthToken( token ); > bloggerService.setOAuthCredentials( oauthParameters, signer ); > URL feedUrl = new URL( "http://www.blogger.com/feeds/default/blogs"; > ); > Feed resultFeed = bloggerService.getFeed( feedUrl, BlogFeed.class ); > > The only differences or possible sources of error I can think of are: > > - there is no token secret anyway (but the spec does not state that > one is necessary when accessing data)
You're using HMAC-SHA1, so the token secret is necessary. Here's how to set it: http://code.google.com/p/gdata-java-client/source/browse/trunk/java/src/com/google/gdata/client/authn/oauth/OAuthParameters.java#369 That's what getAccessToken() doing for you. It parses the response body (oauth_token=CIPgkMaw_P____8B&oauth_token_secret=O7fDsdflblabutPV) and sets the secret for subsequent requests: http://code.google.com/p/gdata-java-client/source/browse/trunk/java/src/com/google/gdata/client/authn/oauth/OAuthHelper.java#365 > > - the token is not encoded correctly (but I am assuming that this is > handled > by the library, and in any case, when I try encoding it first, I get a > "bad token" error [or something like that--from memory]) > > Can you give me an idea of what the token should look like when I set it in > oauthParameters.setOAuthToken()? It looks like the toString() method encodes the params for you (http://code.google.com/p/gdata-java-client/source/browse/trunk/java/ src/com/google/gdata/client/authn/oauth/OAuthHelper.java#120), so this should be the value of oauth_token as returned by the server. > > Also, am I correct to assume that I can just copy/paste the consumer secret > and consumer key as provided by Google, and the library will correctly > encode them for me? Yes. > > BTW, I checked out the OAuth Playground, but it doesn't seem to allow me to > enter my own parameters, unless I missed something. You can enter your own conumer key/secret by changing the signature method dropdown to HMAC-SHA1. It doesn't let you input a token secret or access token :( You'll need to go through the whole OAuth dance. > > Anyway, your help is greatly appreciated! > =dml --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
