Re: Help with using OAuth with Android

[Ana Ulin]

Hi Thira,

You are using an incorrect authorization URL. The Latitude API uses
the authorization endpoint:
https://www.google.com/latitude/apps/OAuthAuthorizeToken

See our authentication docs:
http://code.google.com/apis/latitude/v1/using_rest.html#auth

Cheers,
Ana

On Sat, May 22, 2010 at 11:41 PM, Thira <thira...@gmail.com> wrote:
> Hi,
>
> I've encountered issues trying to get an access token from Google
> Latitude service using my Android application. I'm using the signpost
> library to perform the authentication using the following URLs:
>
> private static final String LATITUDE_REQUEST_TOKEN_URL = "https://
> www.google.com/accounts/OAuthGetRequestTokn";
> private static final String LATITUDE_AUTHORIZE_URL = "https://
> www.google.com/accounts/OAuthAuthorizeToken";
> private static final String LATITUDE_ACCESS_TOKEN_URL = "https://
> www.google.com/accounts/OAuthGetAccessToken";
>
> I successfully manage to get the authentication URL, get the user to
> grant permissions (by opening a new web browser) to my application.
> However, when I try to gain an access toekn, it throws an exception
> saying "Failed to retrieve access/authentication permission./ Service
> provider responded in error: 400 (Bad Request)".
>
> I am new to using OAuth and would really appreciate if anyone can
> provide a simple example or tell me where I am going wrong (I can get
> a valid access token for other Google services using this method by
> simply changing the scope. e.g "http://www.blogger.com/feeds").
>
> I've verified that my consumer key and secret are working properly
> using http://googlecodesamples.com/oauth_playground.
>
> Thanks in advance!
> Thira
>
> My code looks as follows:
> mConsumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY,
> CONSUMER_SECRET);
>
> String request = LATITUDE_REQUEST_TOKEN_URL + "?scope=" +
> URLEncoder.encode("https://www.googleapis.com/auth/latitude", "utf-8")
> mProvider = new CommonsHttpOAuthProvider (request,
> LATITUDE_ACCESS_TOKEN_URL, LATITUDE_AUTHORIZE_URL );
> String authUrl = mProvider.retrieveRequestToken(mConsumer,
> CALLBACK_URI.toString());
>
> mRequestToken = mConsumer.getToken();
> mRequestSecret = mConsumer.getTokenSecret();
> // Bring up a browser to get permission from the user as a new
> Activity
> ...
>
> // onResume method ...
> Uri uri = getIntent().getData();
> if (uri != null && CALLBACK_URI.getScheme().equals(uri.getScheme())) {
>   // We got here as a result of user granting permissions
>   // token
>   mConsumer.setTokenWithSecret(mRequestToken, mRequestSecret );
>
>   String token = uri.getQueryParameter("oauth_token");
>   String verifier = uri.getQueryParameter("oauth_verifier");
>
>   // I am expecting token to be the same as mRequestToken, but they
> are not if the scope is for latitude.
>   // (works fine for other google services such as calendar)
>
>   // Attempt to gain an access token
>   // AN ERROR happens at this line
>   mProvider.retrieveAccessToken(mConsumer, verifier);
> }
>
>

[Thira]

Thanks Ana.

That fixed my issue and finally managed to get the current location
using the Latitude API!

Are there plans in future to get locations of the user's friends
(similar how you can view your friends' location through Google's own
latitude app)?

Cheers,
Thira.

> > usinghttp://googlecodesamples.com/oauth_playground.

[Bill]

Thira have you managed to get anything other than the current location
from the API?

[Thira]

I tried to get the location history (using https://www.googleapis.com/latitude/v1/location)
and past location (https://www.googleapis.com/latitude/v1/location/id,
where the id is the same one in the timestampMs field in the result I
got for my query for current location), but both gave me errors saying
the requests were "Unauthorized". I've made sure that I've enabled
location history etc on my latitude settings. Any suggestions as to
what might be going on?

Has anyone else managed to get the location history (either with
Android or with another device/web app)?

[gmail1]

cant get anything oh the request to 'https://www.googleapis.com/latitude/v1/currentLocation?'

CODE:

<?

ini_set('display_errors', 1);

session_start();

require_once 'Zend/Oauth/Consumer.php';

$CONSUMER_KEY = '***';

$CONSUMER_SECRET = '***';

// Multi-scoped token.

$SCOPES = array(

  'https://www.googleapis.com/auth/latitude'

);

$oauthOptions = array(

  'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,

  'version' => '1.0',

  'consumerKey' => $CONSUMER_KEY,

  'consumerSecret' => $CONSUMER_SECRET,

  'signatureMethod' => 'HMAC-SHA1',

  'callbackUrl' => '***',

  'requestTokenUrl' => 'https://www.google.com/accounts/OAuthGetRequestToken',

  'userAuthorizationUrl' => 'https://www.google.com/accounts/OAuthAuthorizeToken',

  'accessTokenUrl' => 'https://www.google.com/accounts/OAuthGetAccessToken'

);

$consumer = new Zend_Oauth_Consumer($oauthOptions);

//$consumer = new Zend_Oauth_Client($oauthOptions);

if (!isset($_SESSION['ACCESS_TOKEN'])) {

  if (!empty($_GET) && isset($_SESSION['REQUEST_TOKEN'])) {

    $_SESSION['ACCESS_TOKEN'] = serialize($consumer->getAccessToken($_GET, unserialize($_SESSION['REQUEST_TOKEN'])));

  }

}

if (isset($_SESSION['ACCESS_TOKEN'])) {

  $accessToken = unserialize($_SESSION['ACCESS_TOKEN']);

} else {

  exit;

}

$client = $accessToken->getHttpClient($oauthOptions);

$client->setHeaders('Content-Type: application/json');

$client->setMethod(Zend_Http_Client::GET);

$client->setUri('https://www.googleapis.com/latitude/v1/currentLocation');

$response = $client->request();

print_r(json_decode($response, true));

?>

get the response

HTTP/1.1 502 Bad Gateway
Content-type: text/html; charset=UTF-8
Content-length: 1409
Date: Thu, 27 May 2010 00:57:23 GMT
Server: GFE/2.0
Connection: close

anyone can help????

[Ana Ulin]

You are using the wrong authorization endpoint. For the Latitude API,
you need to use:
https://www.google.com/latitude/apps/OAuthAuthorizeToken

See my email earlier on this thread.

Cheers,
Ana

[gmail1]

thanks alot

got a actual response

HTTP/1.1 200 OK
Expires: Thu, 27 May 2010 01:27:06 GMT
Date: Thu, 27 May 2010 01:27:06 GMT
Cache-control: private, max-age=0, must-revalidate, no-transform
Content-type: application/json; charset=UTF-8
X-content-type-options: nosniff
X-frame-options: SAMEORIGIN
X-xss-protection: 1; mode=block
Server: GSE
Connection: close

{"data":{"kind":"latitude#location","timestampMs":"1274354302349","latitude":38.7070538,"longitude":-9.1354884}}

[gmail1]

Do we always have to ask the user to authorize the app to access his info or
can we access just with the user email and password?

On May 27, 2010, at 2:07 AM, Ana Ulin wrote:

[Ana Ulin]

You have to ask the user to authorize the app.

Cheers,

Ana

[Thira]

Currently the user has to be taken to a browser to grant permission
for the app to access their latitude information. Is there a better
way to do this within a mobile phone? (like bringing up a popup
message - similar to how facebook does it)

Thanks!