How to use the Latitude API in OAuth Playground

57 views
Skip to first unread message

xylo04

unread,
Jul 29, 2010, 2:22:44 AM7/29/10
to Google Latitude API
This will be old hat for many folks, but I wanted to document how I
got OAuth Playground working finally. I've been reading the
documentation and this forum for a week, and I'm only now getting
results. All of this information is sprinked throughout the docs, but
perhaps I can make the next person's search a bit simpler.

Step 1: You must have a domain registered with Google here:
https://www.google.com/accounts/ManageDomains
This is how Google identifies your application, even if it's an
installed program, not a web app. Once your domain is registered, take
note of your OAuth Consumer Key and OAuth Consumer Secret, you'll need
them later.

Step 2: Now you can go to the OAuth Playground: http://googlecodesamples.com/oauth_playground/
Scope: Nothing checked
- Input your own: https://www.googleapis.com/auth/latitude
Modify OAuth Parameters
- oauth_signature_method: HMAC-SHA1
- oauth_consumer_key: <yours from domain registration>
- consumer secret: <yours from domain registration>
- oauth_token_secret: <blank>
- oauth_token: <blank>

Click "Request Token." oauth_token_secret and oauth_token are now
filled in, and you have an unauthorized request token.

Step 3:
IMPORTANT!!!
Google Latitude uses a different Authorization endpoint than other
Google services!
When you click the "Authorize" button, your browser will redirect to
https://www.google.com/accounts/OAuthAuthorizeToken&oauth_token=token_string.
YOU MUST NOW CHANGE THE URL!
http://www.google.com/latitude/apps/OAuthAuthorizeToken?domain=example.com&location=current&granularity=best&oauth_token=token_string
Keep the oauth_token parameter the same, but change the URL, and add
the Latitude-specific parameters discussed in the "Using REST"
document: http://code.google.com/apis/latitude/v1/using_rest.html#auth
Once you're on that Authorization Service page, click "Grant access."
You'll be redirected back to OAuth Playground.

Step 4:
You can now exchange your Authorized Request Token for an Access
Token. Click the "Access Token" button. (This actually fails sometimes
for me with messages about invalid signatures. I just repeat the
steps, and it works fine. I'm guessing the API is still maturing.)

At this point, clicking "available feeds" doesn't seem to find
anything, but the resource URLs in the documentation do work. Leave
the drop-down box at GET, and use the URL https://www.googleapis.com/latitude/v1/currentLocation
That should get back a JSON result containing the user's current
location.

I haven't figured out how to use RSA-SHA1; I registered a self-signed
certificate with my domain, but when I attempt to get a Request Token
using my domain and private key, the Playground just seems to hang. It
shows a loading graphic in the request/response area, and never comes
back. It could be a problem with the keys and certificate I generated,
I'm just not sure.

I hope this helps someone.

xylo04

unread,
Aug 7, 2010, 11:14:15 AM8/7/10
to Google Latitude API
Another subtle point I just learned:

If you have an access token with permission to a user's best location,
you still have to specify the granularity parameter when you call the
resource URL, i.e. https://www.googleapis.com/latitude/v1/currentLocation?granularity=best
otherwise it still defaults to city-level granularity.
> When you click the "Authorize" button, your browser will redirect tohttps://www.google.com/accounts/OAuthAuthorizeToken&oauth_token=token....
> YOU MUST NOW CHANGE THE URL!http://www.google.com/latitude/apps/OAuthAuthorizeToken?domain=exampl...
> Keep the oauth_token parameter the same, but change the URL, and add
> the Latitude-specific parameters discussed in the "Using REST"
> document:http://code.google.com/apis/latitude/v1/using_rest.html#auth
> Once you're on that Authorization Service page, click "Grant access."
> You'll be redirected back to OAuth Playground.
>
> Step 4:
> You can now exchange your Authorized Request Token for an Access
> Token. Click the "Access Token" button. (This actually fails sometimes
> for me with messages about invalid signatures. I just repeat the
> steps, and it works fine. I'm guessing the API is still maturing.)
>
> At this point, clicking "available feeds" doesn't seem to find
> anything, but the resource URLs in the documentation do work. Leave
> the drop-down box at GET, and use the URLhttps://www.googleapis.com/latitude/v1/currentLocation
Reply all
Reply to author
Forward
0 new messages