Re: Remove OAuth 1.0 support. (issue 6063052)
20 views
Skip to first unread message
jcgre...@google.com
Aug 6, 2012, 9:05:19 PM8/6/12
to ai...@google.com, sandi...@vthrive.com, nakt...@gmail.com, google-api-p...@googlegroups.com, re...@codereview-hr.appspotmail.com
You will need to get a new client_id and client_secret from the APIs
Console:
https://developers.google.com/api-client-library/python/guide/aaa_oauth
On 2012/08/07 00:15:45, naktinis wrote:
> Since OAuthCredentials class and OAuth 1.0 support is removed, how do
I use the
> existing (token_key, token_secret) pairs to access the data using the
new
> "google-api-client" code?
> On 2012/04/30 19:59:07, jcgregorio_google wrote:
> > Committed at
> >
http://code.google.com/p/google-api-python-client/source/detail?r=f05a47e9e4439ed959cd967937554b65c53683f5
> >
> > > On Saturday, April 21, 2012 7:21:14 PM UTC-7, Tony Aiuto wrote:
> > > >
> > > > lgtm
> > > >
> > > > http://codereview.appspot.com/6063052/
> > > >
http://codereview.appspot.com/6063052/
Console:
https://developers.google.com/api-client-library/python/guide/aaa_oauth
On 2012/08/07 00:15:45, naktinis wrote:
> Since OAuthCredentials class and OAuth 1.0 support is removed, how do
I use the
> existing (token_key, token_secret) pairs to access the data using the
new
> "google-api-client" code?
> On 2012/04/30 19:59:07, jcgregorio_google wrote:
> > Committed at
> >
http://code.google.com/p/google-api-python-client/source/detail?r=f05a47e9e4439ed959cd967937554b65c53683f5
> >
> > > On Saturday, April 21, 2012 7:21:14 PM UTC-7, Tony Aiuto wrote:
> > > >
> > > > lgtm
> > > >
> > > > http://codereview.appspot.com/6063052/
> > > >
http://codereview.appspot.com/6063052/
jcgre...@google.com
Aug 7, 2012, 10:46:25 AM8/7/12
to ai...@google.com, sandi...@vthrive.com, nakt...@gmail.com, google-api-p...@googlegroups.com, re...@codereview-hr.appspotmail.com
OAuth 1.0 is officially deprecated:
https://developers.google.com/accounts/docs/RegistrationForWebAppsAuto
It didn't make sense to keep OAuth 1.0 support in the
google-api-python-client, as the library will be going to GA soon, and
it doesn't make sense to go to GA supporting a technology that's already
deprecated.
You can always apply this patch in reverse to add back the OAuth 1.0
support, but there is no guarantee the google-api-python-client library
will remain compatible, nor would the code be supported, but it might be
a short term step you could take on the way to migrating to OAuth 2.0.
On 2012/08/07 05:57:05, naktinis wrote:
> My question was about token key and secret, not about client id and
secret.
> Essentially I am asking whether you plan to keep backwards
compatibility in your
> Python library code. Because OAuth 1.0 requests to Google services
clearly still
> work. However, I can't seem to find how your Python library allows for
that.
> The old library (namely OAuthCredentials) took Token objects
(essentially a pair
> of token_key and token_secret), created a HMAC_SHA1 signature and
added a header
> similar to 'Authorization: OAuth realm="<realm>",
> oauth_consumer_key="<oauth_consumer>", oauth_token="<oauth_token>"
...' Well,
> the OAuth 1.0 way.
> The new library (namely OAuth2Credentials, and there is no
OAuth1Credentials)
> can only perform OAuth 2.0 requests with "Bearer: ..." headers.
> The other Google API library - gdata - supports both OAuth 1.0 and
OAuth 2.0
> requests, using OAuthHmacToken and OAuth2Token classes
(http://code.google.com/p/gdata-python-client/source/browse/src/gdata/gauth.py).
> Since I know OAuth 1.0 requests still work on Google APIs, and since I
have
> loads of OAuth 1.0 (token_key, token_secret) pairs, and since I know
OAuth 1.0
> is implemented in the other Python API library. My question is whether
it could
> be possible to have "google-api-python-client" backwards compatible
with OAuth
> 1.0 for some time, so I wouldn't need to annoy my users forcing them
to
> authorize the app again, and wouldn't need to resort to nasty hacks
signing the
> requests without your library :)
https://developers.google.com/accounts/docs/RegistrationForWebAppsAuto
It didn't make sense to keep OAuth 1.0 support in the
google-api-python-client, as the library will be going to GA soon, and
it doesn't make sense to go to GA supporting a technology that's already
deprecated.
You can always apply this patch in reverse to add back the OAuth 1.0
support, but there is no guarantee the google-api-python-client library
will remain compatible, nor would the code be supported, but it might be
a short term step you could take on the way to migrating to OAuth 2.0.
On 2012/08/07 05:57:05, naktinis wrote:
> My question was about token key and secret, not about client id and
secret.
> Essentially I am asking whether you plan to keep backwards
compatibility in your
> Python library code. Because OAuth 1.0 requests to Google services
clearly still
> work. However, I can't seem to find how your Python library allows for
that.
> The old library (namely OAuthCredentials) took Token objects
(essentially a pair
> of token_key and token_secret), created a HMAC_SHA1 signature and
added a header
> similar to 'Authorization: OAuth realm="<realm>",
> oauth_consumer_key="<oauth_consumer>", oauth_token="<oauth_token>"
...' Well,
> the OAuth 1.0 way.
> The new library (namely OAuth2Credentials, and there is no
OAuth1Credentials)
> can only perform OAuth 2.0 requests with "Bearer: ..." headers.
> The other Google API library - gdata - supports both OAuth 1.0 and
OAuth 2.0
> requests, using OAuthHmacToken and OAuth2Token classes
(http://code.google.com/p/gdata-python-client/source/browse/src/gdata/gauth.py).
> Since I know OAuth 1.0 requests still work on Google APIs, and since I
have
> loads of OAuth 1.0 (token_key, token_secret) pairs, and since I know
OAuth 1.0
> is implemented in the other Python API library. My question is whether
it could
> be possible to have "google-api-python-client" backwards compatible
with OAuth
> 1.0 for some time, so I wouldn't need to annoy my users forcing them
to
> authorize the app again, and wouldn't need to resort to nasty hacks
signing the
> requests without your library :)
Reply all
Reply to author
Forward
0 new messages