Stale Android auth token means no HTTP 401

34 views
Skip to first unread message

ubikdroid

unread,
Mar 18, 2010, 6:03:00 PM3/18/10
to Friends of the Unofficial Google Reader API
Hi friends,
I just noticed that the Google Reader widget on my Nexus One's home
screen was not updating. I know that the auth token was due to time
out today, it being 2 weeks since the widget was added. I had put in
place code to catch HTTP 401s coming from the API but 401 was not the
issue. Instead it looks like the API redirected me to a web page
asking for my Google Reader username and password. Unfortunately, the
fix is not ideal as I am basically looking for some text in that page
and then retrieving a new auth token.

Also for any Android devs I had to invalidate the auth token using
GoogleLoginServiceBlockingHelper.invalidateAuthToken() before
retrieving a new auth token otherwise I was just getting the same
stale one.

Mark

Mihai Parparita

unread,
Mar 18, 2010, 10:10:58 PM3/18/10
to foug...@googlegroups.com
Which URL were you requesting that you got redirected to the login page? Generally, /api/0/ URLs should result in a 401, while other URLs (which are user-visible) will result in a 302 to the login page.

Mihai

To unsubscribe from this group, send email to fougrapi+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

Jayesh Salvi

unread,
Mar 18, 2010, 10:46:26 PM3/18/10
to foug...@googlegroups.com
This seems to be the problem some ReaderScope users are seeing too I guess. I didn't know Auth Token expire this frequently, SID used to be valid for a long time.

Thanks
--
Jayesh


Mariano Kamp

unread,
Mar 19, 2010, 2:29:00 AM3/19/10
to foug...@googlegroups.com
Mark, to deal with that I check for 401 and 302. Mihai explained the
difference here:
http://groups.google.com/group/fougrapi/msg/46e618b73caa7292

I also remember that Nick explained on this list that he worked on a
more elaborate way to look deeper into the 401 responses to prevent
false positives, i.e. temporary errors ... if I remember correctly.

Jayesh, it seems to be 14 days now.

Mihai, would it burden you to move the cutoff date a bit? The current
version of NewsRob is using Auth, but a small percentage of users,
still thousands, don't regularly check for updates and the Android
notification mechanism in some Android versions seems broken.

Recently a bug in some NewsRob upgrade code surfaced that some users
don't update for more than 3 months.

I *think* that the other Android apps face the same issue.

Cheers,
Mariano

Jayesh Salvi

unread,
Mar 19, 2010, 2:49:09 AM3/19/10
to foug...@googlegroups.com

--
Jayesh


On Fri, Mar 19, 2010 at 11:59 AM, Mariano Kamp <marian...@gmail.com> wrote:
Mark, to deal with that I check for 401 and 302. Mihai explained the
difference here:
http://groups.google.com/group/fougrapi/msg/46e618b73caa7292

I also remember that Nick explained on this list that he worked on a
more elaborate way to look deeper into the 401 responses to prevent
false positives, i.e. temporary errors ... if I remember correctly.

Jayesh, it seems to be 14 days now.

Aah I see. Thanks.

Mihai, would it burden you to move the cutoff date a bit? The current
version of NewsRob is using Auth, but a small percentage of users,
still thousands, don't regularly check for updates and the Android
notification mechanism in some Android versions seems broken.

Recently a bug in some NewsRob upgrade code surfaced that some users
don't update for more than 3 months.

I *think* that the other Android apps face the same issue.

Yeah, users install new updates far too slowly than we release them. I am sure when Google Reader flips the switch on SID based login, there will be lot of confused users. More time for them to upgrade will definitely help.

ubikdroid

unread,
Mar 19, 2010, 2:50:56 AM3/19/10
to Friends of the Unofficial Google Reader API
Hi Mihai,
Thanks for clarifying. My app hits:

https://www.google.com/reader/api/0/unread-count?output=json

On Mar 19, 2:10 am, Mihai Parparita <mih...@google.com> wrote:
> Which URL were you requesting that you got redirected to the login page?
> Generally, /api/0/ URLs should result in a 401, while other URLs (which are
> user-visible) will result in a 302 to the login page.
>
> Mihai
>

Stefan Kyntchev

unread,
Mar 19, 2010, 7:53:40 AM3/19/10
to Friends of the Unofficial Google Reader API
Mark,

I also use both "public" and "non public" Reader APIs, so the way I
detect 301s is rather than parsing the response, I track redirects
(using org.apache.http.impl.client.DefaultRedirectHandler)
and if my last redirects was to Google's ClientLogin url, I know I had
authentication error. It would be nice if there was a better way to
detect that. There used to be a a special cookie starting with "Google
Accounts" in the response of the ClientLogin but that got removed a
couple of months ago).

My experience also shows that people update slowly. If it is possible
to delay the switch (for may be a month or two) it will be better.

Stefan

ubikdroid

unread,
Mar 20, 2010, 9:53:46 AM3/20/10
to Friends of the Unofficial Google Reader API
Thanks for the suggestion Stefan
Reply all
Reply to author
Forward
0 new messages