Changes to sending authenticated requests to Google Reader - Friends of the Unofficial Google Reader API

The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Friends of the Unofficial Google Reader API
Message from discussion Changes to sending authenticated requests to Google Reader
Received-SPF: pass (google.com: domain of markst3v...@googlemail.com designates 209.85.210.160 as permitted sender) client-ip=209.85.210.160;
MIME-Version: 1.0
Date: Wed, 17 Feb 2010 03:38:56 -0800 (PST)
In-Reply-To: <c8c2cbfa-f539-4f13-b807-85a42ce77a6f@m16g2000yqc.googlegroups.com>
References: <995a6740-770f-4c17-8a06-3cd25a099a62@b36g2000pri.googlegroups.com> 
	<c8c2cbfa-f539-4f13-b807-85a42ce77a6f@m16g2000yqc.googlegroups.com>
User-Agent: G2/1.0
Message-ID: <112b226e-9000-4b4f-9bde-756d049d7ac5@y7g2000prc.googlegroups.com>
Subject: Re: Changes to sending authenticated requests to Google Reader
From: ubikdroid <markst3v...@googlemail.com>
To: Friends of the Unofficial Google Reader API <fougrapi@googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

It looks the token obtained using the getCredentials() method does not
work in the new header. The token obtained from AccountManager on
Android 2.0+ devices seems to work. Is there any way that Android 1.x
devices can obtain a valid auth token automatically (i.e. without
using Google ClientLogin)? Users can be funny about entering their
password in apps so I would prefer an option for automatic login
across the board.

On Feb 11, 9:03=A0am, ubikdroid <markst3v...@googlemail.com> wrote:
> Thanks for the heads up Brad.
> Can you answer these questions please?
>
> 1.) Will there be an overlap where both the SID cookie and the new
> header will work for authorization?
>
> 2.) Can the auth token obtained from getCredentials() in Android be
> used in this new header? Seehttp://groups.google.com/group/android-develo=
pers/browse_thread/threa...
>
> 3.) Can the auth token obtained from AccountManager.getAccounts() in
> Android 2.0+ be used in this new header? Seehttp://groups.google.com/grou=
p/android-developers/browse_thread/threa...
>
> Thanks
> Mark
>
> On Feb 11, 12:12=A0am, Brad Hawkes <bhaw...@google.com> wrote:
>
>
>
> > Hello friends,
>
> > We just wanted to let you know about changes coming for Reader
> > authentication. We will be changing the details for how our normal web-
> > browsing experience handles authentication. This change will break
> > clients that are based on using the SID cookie to communicate with
> > Reader (this seems to be many current clients). To ensure that your
> > app continues to be able to access Reader data you should transition
> > to using ClientLogin to access Reader. This is the general mechanism
> > that is preferred for communication with many Google services. Details
> > of how to use ClientLogin, along with some libraries that are
> > available:http://code.google.com/apis/gdata/docs/auth/clientlogin.html
>
> > Here is a quick summary of how to make this change:
> > For those apps that area already obtaining authentication fromhttps://w=
ww.google.com/accounts/ClientLoginyoushould get back as
> > part of your response an Auth=3D value. For every request you send to
> > Reader you should provide that value as a HTTP header and things will
> > work as usual.
> > The header format is: Authorization:GoogleLogin auth=3D[value obtained
> > from ClientLogin]
>
> > Also please keep in mind that both SID cookies and Auth tokens do
> > expire. You should store your Auth token, but if you start to get 401
> > errors you may need to obtain a new Auth token. You should not do
> > retries on 401 errors unless you have obtained a new Auth token.
>
> > Thanks for your attention.
>
> > Brad Hawkes
> > Google Reader Team
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
Account Options
