Thanks Kosso for writing this up. I'm sure it will be very valuable
to those looking at doing this in the future.
> Hi,
> After weeks of hair-tearing, I have finally worked out how to use PHP
> and Curl to perform a Secure (Registered Web App) and 'signed' request
> to a Google Service! Hurrah! ;)
> In this example, I am using Blogger to list the Blogs associated with
> the user's account.
> No data is stored - I leave that up to you, but point out where you
> need to do this.
> It works like this:
> 0. Register your web application (the php script)http://code.google.com/apis/accounts/RegistrationForWebApps.html
> 1. Provide a link for the user to click to go to Google, presenting a
> Grant/Deny button to allow your script to use a particular Google
> service ('scope') - note: If you see the Warning at this stage, your
> script is not properly registered with Google.
> 2. This returns a single-use 'token'. In order have a token we can
> store, to use again and again for your user, you need to 'Exchange'
> this for a 'Session' token, which will never expire.
> 3. Perform an Authorized request to the exchange service.
> 4. This returns a token (key-value pair) which you can then store for
> your user for future requests.
> 5. Now use this to request the Blogger API for a list of this user's
> blogs.
> The tricky bit can be in understanding the 'secure' 'signed' 'data'.http://code.google.com/apis/accounts/AuthForWebApps.html#signingrequests
> I have added plenty of comments and links in the PHP source presented
> here to explain what is going on, each step of the way.
> I hope this helps other like me, who were rapidly losing hair! ;)
> Thanks to Pete Hopkins and Ryan Boyd for their assistance in the
> Groups.
> Here you go:http://kosso.co.uk/PHP/blogger_google_secure_AuthSub.phps
> Cheers!
> Kosso [aka camoby]http://kosso.wordpress.comhttp://bloghud.comhttp://podcast.com
