How do I generate Authorization header value for OAuth2?
171 views
Skip to first unread message
Vaibhav
Mar 20, 2012, 5:55:40 PM3/20/12
to adsen...@googlegroups.com
Given the following request, how does the API Explorer create the Authorization Header value :
GET https://www.googleapis.com/adsense/v1.1/reports?startDate=2012-02-01&endDate=2012-02-28&dimension=DATE&metric=CLICKS&pp=1 Authorization: OAuth AA...XM X-JavaScript-User-Agent: Google APIs Explorer
My goal is to use HTTP for all my queries to get JSON response ( I would like to use Perl )
Silvano Luciani
Mar 21, 2012, 5:39:12 AM3/21/12
to AdSense API Forum
Hello Vaibhav,
you can find all the information you need to implement the
authorization flow here:
https://developers.google.com/accounts/docs/OAuth2
We've recently added a couple of tutorials on OAuth 2.0 to the AdSense
API documentation:
https://developers.google.com/adsense/tutorials/
You will probably find useful to go through the generic tutorial,
which explains the flows for web applications:
https://developers.google.com/adsense/tutorials/oauth-generic
Let us know if you have any additional questions!
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
On Mar 20, 9:55 pm, Vaibhav <asfe-n...@oversee.net> wrote:
> Given the following request, how does the API Explorer create the Authorization Header value :
>
> GEThttps://www.googleapis.com/adsense/v1.1/reports?startDate=2012-02-01&...
you can find all the information you need to implement the
authorization flow here:
https://developers.google.com/accounts/docs/OAuth2
We've recently added a couple of tutorials on OAuth 2.0 to the AdSense
API documentation:
https://developers.google.com/adsense/tutorials/
You will probably find useful to go through the generic tutorial,
which explains the flows for web applications:
https://developers.google.com/adsense/tutorials/oauth-generic
Let us know if you have any additional questions!
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
On Mar 20, 9:55 pm, Vaibhav <asfe-n...@oversee.net> wrote:
> Given the following request, how does the API Explorer create the Authorization Header value :
>
Vaibhav
Mar 21, 2012, 3:52:01 PM3/21/12
to adsen...@googlegroups.com
thanks.
Looks like I need to
1. login using email and passwd
2. then do a GET request to /o/oauth2/auth/ with parameters
3. then do a POST request to /o/oauth2/token with auth code and other parameters to get the access_token
Do you you know which login url (step 1 above) should I use inorder to login?
Looks like I need to
1. login using email and passwd
2. then do a GET request to /o/oauth2/auth/ with parameters
3. then do a POST request to /o/oauth2/token with auth code and other parameters to get the access_token
Do you you know which login url (step 1 above) should I use inorder to login?
Vaibhav
Mar 21, 2012, 10:33:52 PM3/21/12
to adsen...@googlegroups.com
I am going to manually get the auth code as a one time thing and I am hoping that I will never require to get another auth code ( unless if the user gets revoked of course )
Then use the auth code to get access_token and refresh token using /o/oauth2/token url
Then I use the latest access_token for my API queries.
When my access_token expires I use the refresh_token to get a new access_token and continue with my API queries using the new access_token. Basically, I use same refresh_token whenever my access_token expires.
The questions is - How long can I use the refresh_token? Does it ever expire? The time it becomes invalid is when that user gets revoked from using the application. Is that the only case when it expires/unusable?
Then use the auth code to get access_token and refresh token using /o/oauth2/token url
Then I use the latest access_token for my API queries.
When my access_token expires I use the refresh_token to get a new access_token and continue with my API queries using the new access_token. Basically, I use same refresh_token whenever my access_token expires.
The questions is - How long can I use the refresh_token? Does it ever expire? The time it becomes invalid is when that user gets revoked from using the application. Is that the only case when it expires/unusable?
Silvano Luciani
Mar 22, 2012, 5:05:27 AM3/22/12
to AdSense API Forum
Hello Vaibhav,
about your first question, you just need to redirect to 'https://
accounts.google.com/o/oauth2/auth' (adding the appropriate set of
query string parameters).
If the user is not already logged in with their Google account, they
will be shown an authentication panel to log in before granting
permissions to your application.
About your second question, you can use the refresh token until it is
revoked, it never expires. The refresh token can be revoked manually
by the user or programmatically by an application, you can find more
details here:
https://developers.google.com/accounts/docs/OAuth2WebServer#tokenrevoke
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
about your first question, you just need to redirect to 'https://
accounts.google.com/o/oauth2/auth' (adding the appropriate set of
query string parameters).
If the user is not already logged in with their Google account, they
will be shown an authentication panel to log in before granting
permissions to your application.
About your second question, you can use the refresh token until it is
revoked, it never expires. The refresh token can be revoked manually
by the user or programmatically by an application, you can find more
details here:
https://developers.google.com/accounts/docs/OAuth2WebServer#tokenrevoke
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
Vaibhav
Mar 22, 2012, 1:10:50 PM3/22/12
to adsen...@googlegroups.com
Can I use the same refresh token for a long period of time? For instance to get a new access token every 2 hours? Thus my script would have requested 12 access tokens in a day, 360 access tokens in a month and so on...
I am aware of the fact that I am sending my refresh token,client secret to google under HTTPS. How does it make it better than sending username/password under HTTPS?
I am aware of the fact that I am sending my refresh token,client secret to google under HTTPS. How does it make it better than sending username/password under HTTPS?
Silvano Luciani
Mar 28, 2012, 6:10:10 AM3/28/12
to AdSense API Forum
Hello Vaibhav,
Sorry for the late answer but I was away.
You can use the refresh token as many times as you want, as long as
the user doesn't revoke its validity. Every access token expires after
3600 seconds, so for example you'd need to refresh the access token
every hour if you wanted to execute the script hourly.
About your second question, it is better from the perspective of users
accessing their personal data using 3rd party applications. With OAuth
2.0 they don't have to give their username/password to the developer
of the external application, as they log in on a Google server and
then grant authorization to the 3rd party application. When they don't
want to use the application anymore, they can revoke the validity of
the refresh token.
Let us know if you have any additional questions!
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
Sorry for the late answer but I was away.
You can use the refresh token as many times as you want, as long as
the user doesn't revoke its validity. Every access token expires after
3600 seconds, so for example you'd need to refresh the access token
every hour if you wanted to execute the script hourly.
About your second question, it is better from the perspective of users
accessing their personal data using 3rd party applications. With OAuth
2.0 they don't have to give their username/password to the developer
of the external application, as they log in on a Google server and
then grant authorization to the 3rd party application. When they don't
want to use the application anymore, they can revoke the validity of
the refresh token.
Let us know if you have any additional questions!
Cheers,
Silvano
--
Silvano Luciani | Developer Programs Engineer
Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London
SW1W 9TQ
Registered in England Number: 3977902
Reply all
Reply to author
Forward
0 new messages