Subject: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
" Able to store the ClientLogin Auth token and client registration
IDs. The ClientLogin Auth token is included in the header of POST
requests that send messages. For more discussion of this topic, see
ClientLogin for Installed Applications. The server should store the
token and have a policy to refresh it periodically. "
I see that " the server should store the token and have a policy to
refresh it periodically."
Questions
1. How frequently the app server should refresh it
2. Can the refresh process be automated without having the user
intervention - ie. without have to to view the Captcha and enter the
information when a captcha is presented.
Please help me understand the process. I am not sure how to automate
the process as I am assuming that when the captcha is presented, a
user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
From what I understand you can look for the header Update-Client-Auth in the response you get after sending a message. It indicates that this is the token to be used for the next message to send.
This is how it's handle on the App server for chrome to phone.
URL url = new URL(serverConfig.getC2DMUrl()); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); ... // Check for updated token header String updatedAuthToken = conn.getHeaderField("Update-Client-Auth"); if (updatedAuthToken != null && !authToken.equals(updatedAuthToken)) { serverConfig.updateToken(updatedAuthToken);
> " Able to store the ClientLogin Auth token and client registration > IDs. The ClientLogin Auth token is included in the header of POST > requests that send messages. For more discussion of this topic, see > ClientLogin for Installed Applications. The server should store the > token and have a policy to refresh it periodically. "
> I see that " the server should store the token and have a policy to > refresh it periodically."
> Questions
> 1. How frequently the app server should refresh it
> 2. Can the refresh process be automated without having the user > intervention - ie. without have to to view the Captcha and enter the > information when a captcha is presented.
> Please help me understand the process. I am not sure how to automate > the process as I am assuming that when the captcha is presented, a > user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
Now how can I get the initial token - Looking at the documentation, I need to
POST request which should be structured as a form post with the default encoding application/x-www-form-urlencoded. Parameters should be included in the body of the post. Action URL parameter: https://www.google.com/accounts/ClientLogin
Handle captcha challenge and get the Authorization Token right ?
I believe this has to be only once.
Please confirm.
Thanks,
On Wed, Sep 15, 2010 at 11:53 AM, Johan Nilsson <markupart...@gmail.com>wrote:
> From what I understand you can look for the header Update-Client-Auth > in the response you get after sending a message. It indicates that > this is the token to be used for the next message to send.
> This is how it's handle on the App server for chrome to phone.
> > " Able to store the ClientLogin Auth token and client registration > > IDs. The ClientLogin Auth token is included in the header of POST > > requests that send messages. For more discussion of this topic, see > > ClientLogin for Installed Applications. The server should store the > > token and have a policy to refresh it periodically. "
> > I see that " the server should store the token and have a policy to > > refresh it periodically."
> > Questions
> > 1. How frequently the app server should refresh it
> > 2. Can the refresh process be automated without having the user > > intervention - ie. without have to to view the Captcha and enter the > > information when a captcha is presented.
> > Please help me understand the process. I am not sure how to automate > > the process as I am assuming that when the captcha is presented, a > > user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
The server is going to send you a new token when the old one is about to expire - there is no Captcha involved. You shouldn't store your username/password on the server and attempt to do ClientLogin there - you would get Captchas and it's dangerous to store the password, which gives access to the entire account.
You need to do ClientLogin off-line ( either a script, or whatever you want ), and store the Auth token on the server. The token can only be used for C2DM, it won't allow access to anything else. And the server will give you a fresh one when the old one is about to expire.
Costin
On Wed, Sep 15, 2010 at 9:53 AM, Johan Nilsson <markupart...@gmail.com>wrote:
> From what I understand you can look for the header Update-Client-Auth > in the response you get after sending a message. It indicates that > this is the token to be used for the next message to send.
> This is how it's handle on the App server for chrome to phone.
> > " Able to store the ClientLogin Auth token and client registration > > IDs. The ClientLogin Auth token is included in the header of POST > > requests that send messages. For more discussion of this topic, see > > ClientLogin for Installed Applications. The server should store the > > token and have a policy to refresh it periodically. "
> > I see that " the server should store the token and have a policy to > > refresh it periodically."
> > Questions
> > 1. How frequently the app server should refresh it
> > 2. Can the refresh process be automated without having the user > > intervention - ie. without have to to view the Captcha and enter the > > information when a captcha is presented.
> > Please help me understand the process. I am not sure how to automate > > the process as I am assuming that when the captcha is presented, a > > user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
> The server is going to send you a new token when the old one is about to > expire - there is > no Captcha involved. You shouldn't store your username/password on the > server and attempt > to do ClientLogin there - you would get Captchas and it's dangerous to > store the password, which > gives access to the entire account.
> You need to do ClientLogin off-line ( either a script, or whatever you want > ), and store the Auth > token on the server. The token can only be used for C2DM, it won't allow > access to anything else. > And the server will give you a fresh one when the old one is about to > expire.
> Costin
> On Wed, Sep 15, 2010 at 9:53 AM, Johan Nilsson <markupart...@gmail.com>wrote:
>> From what I understand you can look for the header Update-Client-Auth >> in the response you get after sending a message. It indicates that >> this is the token to be used for the next message to send.
>> This is how it's handle on the App server for chrome to phone.
>> > " Able to store the ClientLogin Auth token and client registration >> > IDs. The ClientLogin Auth token is included in the header of POST >> > requests that send messages. For more discussion of this topic, see >> > ClientLogin for Installed Applications. The server should store the >> > token and have a policy to refresh it periodically. "
>> > I see that " the server should store the token and have a policy to >> > refresh it periodically."
>> > Questions
>> > 1. How frequently the app server should refresh it
>> > 2. Can the refresh process be automated without having the user >> > intervention - ie. without have to to view the Captcha and enter the >> > information when a captcha is presented.
>> > Please help me understand the process. I am not sure how to automate >> > the process as I am assuming that when the captcha is presented, a >> > user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
> On Wed, Sep 15, 2010 at 12:22 PM, Costin Manolache <cos...@google.com>wrote:
>> Yes, this is correct.
>> The server is going to send you a new token when the old one is about to >> expire - there is >> no Captcha involved. You shouldn't store your username/password on the >> server and attempt >> to do ClientLogin there - you would get Captchas and it's dangerous to >> store the password, which >> gives access to the entire account.
>> You need to do ClientLogin off-line ( either a script, or whatever you >> want ), and store the Auth >> token on the server. The token can only be used for C2DM, it won't allow >> access to anything else. >> And the server will give you a fresh one when the old one is about to >> expire.
>> Costin
>> On Wed, Sep 15, 2010 at 9:53 AM, Johan Nilsson <markupart...@gmail.com>wrote:
>>> From what I understand you can look for the header Update-Client-Auth >>> in the response you get after sending a message. It indicates that >>> this is the token to be used for the next message to send.
>>> This is how it's handle on the App server for chrome to phone.
>>> > " Able to store the ClientLogin Auth token and client registration >>> > IDs. The ClientLogin Auth token is included in the header of POST >>> > requests that send messages. For more discussion of this topic, see >>> > ClientLogin for Installed Applications. The server should store the >>> > token and have a policy to refresh it periodically. "
>>> > I see that " the server should store the token and have a policy to >>> > refresh it periodically."
>>> > Questions
>>> > 1. How frequently the app server should refresh it
>>> > 2. Can the refresh process be automated without having the user >>> > intervention - ie. without have to to view the Captcha and enter the >>> > information when a captcha is presented.
>>> > Please help me understand the process. I am not sure how to automate >>> > the process as I am assuming that when the captcha is presented, a >>> > user has to see it and type in the response to proceed.
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
You need to do ClientLogin off-line ( either a script, or whatever you want ), and store the Auth token on the server. The token can only be used for C2DM, it won't allow access to anything else. And the server will give you a fresh one when the old one is about to expire.
The ClientLogin auth token that's generated is done using the "Role account email" that we provided in the C2DM sign-up, correct? I've been doing:
I'm getting this error: com.google.android.c2dm.server.C2DMessaging sendNoRetry: Unauthorized - need token
I'm wondering: 1) Do we have to use an @gmail.com address or is any google apps managed account sufficient? 2) Does the package name provided in the setup matter? 3) What am I missing? How can I debug this?
Subject: Re: Question regarding see ClientLogin for Installed Applications. The server should store the token and have a policy to refresh it periodically.
On Wed, May 18, 2011 at 9:05 PM, George Mike <george.m...@gmail.com> wrote: > Hi Costin,
> You said:
> You need to do ClientLogin off-line ( either a script, or whatever you want > ), and store the Auth > token on the server. The token can only be used for C2DM, it won't allow > access to anything else. > And the server will give you a fresh one when the old one is about to > expire.
> The ClientLogin auth token that's generated is done using the "Role account > email" that we provided in the C2DM sign-up, correct? I've been doing:
> I'm getting this error: > com.google.android.c2dm.server.C2DMessaging sendNoRetry: Unauthorized - > need token
I'm not sure what you use - C2DMessaging ( the sample library from chrome2phone ) gets the token from a config, do you set it explicitly somehow ?
> I'm wondering: > 1) Do we have to use an @gmail.com address or is any google apps managed > account sufficient?
Any regular hosted or gmail account is ok - but it can't be a 'group'.
> 2) Does the package name provided in the setup matter?
No.
> 3) What am I missing? How can I debug this?
I suggest making a curl send request - with the token, etc.
If it doesn't work - you could send me (privately) the sender email and registration id. ( they can't be used without the sender token, which you should keep private and not send to arbitrary people on mailing lists :-)
