Moved to OAuth and still reviving 401 on some Requests.

9 views
Skip to first unread message

clouDvice

unread,
Jun 25, 2010, 9:15:59 AM6/25/10
to Friends of the Unofficial Google Reader API
Hi all

I've been using the unofficial API for a while now on a personal tool
that I use to cut the chaff from the wheat in the feeds.

A couple of days ago my app started to recive a bunch of 302 errors, I
saw that the reader now supports OAuth so I have modified my
application to use OAuth and some of the services that were returning
302s are now working.

However, one, maybe some others too, don't work and return 401s

The one in-particular that I use is :
http://www.google.com/reader/api/0/item/likers?i=<GOOGLE-TAG/ID>&output=json&ck=<UNIXTIME>&client=<MY_CLIENT>

Is there any reason why I can't get this to work when any other
services I try work perfectly?



clouDvice

unread,
Jun 28, 2010, 6:32:24 AM6/28/10
to Friends of the Unofficial Google Reader API
Hey there all

I've moved back to the non OAuth method and using Headers to send the
Access Token and all the services work a treat.

However, I would prefer to use OAuth and although I've received and am
passing the OAuth Tokens I still can't obtain thing like /reader/api/
0/subscription/list

It appears that to get normal ClientLogin access to work I'm having to
obtain the Auth Token from response body of the ClientLogin and then
pass it in the Header to /reader/api/0/token before I can make a call
to the subscription list. Without this additional call to /reader/
api/0/token I receive 401 / 403 errors.

Is there a similar order of event using OAuth?

Or does someone have some example source (any language would help)
that shows the Sequence of events/url that's required to work with
OAuth?

In fact, has anyone got OAuth to work with the Reader API?

Thanks

Mariano Kamp

unread,
Jun 28, 2010, 6:34:18 AM6/28/10
to foug...@googlegroups.com
In fact, has anyone got OAuth to work with the Reader API?
And if so, does it work with Google Apps accounts? 

Also do OAuth tokens also get invalidated every 14 days? 

clouDvice

unread,
Jun 28, 2010, 6:57:36 AM6/28/10
to Friends of the Unofficial Google Reader API
Hey Mariano

RE: the expiration of the OAuth Tokens. Different service providers
imply different policies, the ones I used with Google In the past for
Adwords and the Calendar have lasted much longer than 14 days.

I've have seen OAuth documentation on the ability to request the
period of time that is required, but never tried it.

I would have thought that as the user has the ability to Revoke the
Access for a given token/site. Plus on the Google Dashboard, where
the Sites that have Authorization via OAuth are listed, there is no
indication of when they might expire.

My personal assumption is that as long as the Token is used regularly
they won't expire for quite some time, or until there is a bunch of
fail logins for that account and an Capcha need to be filled in for
the account.

If it expired every 14 days, as a User, I would get hacked off with
having to keep allowing the site access. - humm... 2 weeks would I? I
wouldn't like it, I've said that I trust the site.

Jayesh Salvi

unread,
Jun 28, 2010, 6:59:30 AM6/28/10
to foug...@googlegroups.com
--
Jayesh

On Mon, Jun 28, 2010 at 4:04 PM, Mariano Kamp <marian...@gmail.com> wrote:
>> In fact, has anyone got OAuth to work with the Reader API?

Yes. My app ReaderScope can successfully make a bulk of Google Reader
API calls with OAuth authentication. It's been deployed for more than
a month now.

>
> And if so, does it work with Google Apps accounts?

I am not sure about that. Someone from Google would know.

> Also do OAuth tokens also get invalidated every 14 days?

As per my understanding of OAuth specs and from actual experience with
Google OAuth tokens, they do not expire until user explicitly revokes
the permissions.

clouDvice

unread,
Jun 28, 2010, 7:22:27 AM6/28/10
to Friends of the Unofficial Google Reader API
Jayesh

> >> In fact, has anyone got OAuth to work with the Reader API?
>
> Yes. My app ReaderScope can successfully make a bulk of Google Reader
> API calls with OAuth authentication. It's been deployed for more than
> a month now.

That's great, have you been able to access /reader/api/0/subscription/
list ?

And once you have the OAuth token are you having to request another
URL like /reader/api/0/token prior to other api calls, or can you just
request one of the API Endpoints immediately?

Jayesh Salvi

unread,
Jun 28, 2010, 7:29:31 AM6/28/10
to foug...@googlegroups.com
--
Jayesh

On Mon, Jun 28, 2010 at 4:52 PM, clouDvice <cloud...@gmail.com> wrote:
> Jayesh
>
>> >> In fact, has anyone got OAuth to work with the Reader API?
>>
>> Yes. My app ReaderScope can successfully make a bulk of Google Reader
>> API calls with OAuth authentication. It's been deployed for more than
>> a month now.
>
> That's great, have you been able to access  /reader/api/0/subscription/
> list ?

Yes, I do call that endpoint and it works.


>
> And once you have the OAuth token are you having to request another
> URL like /reader/api/0/token prior to other api calls, or can you just
> request one of the API Endpoints immediately?

I think this behavior is not affected by OAuth. I request token before
making other api calls. I haven't tested if it works otherwise, I
doubt it will.
>
>

Dylan

unread,
Jun 28, 2010, 9:25:33 AM6/28/10
to Friends of the Unofficial Google Reader API
I'm using OAuth to access subscription/list and the other endpoints.
The POST endpoints require me to first get a reader token but not any
of the GETs. If the user doesn't do anything that requires a POST then
I never get a reader token.

You asked for code. I'm using the GData objective C library.
http://code.google.com/p/gdata-objectivec-client/

It works well now but you can see what I had to go through. I was
pulling my hair out over this.
http://groups.google.com/group/gdata-objectivec-client/browse_thread/thread/adc4e2ba154fbc5f/5a1129d2df7bf5dc#5a1129d2df7bf5dc
Reply all
Reply to author
Forward
0 new messages