Authentication to Reader with OAuth now available.

[Brad Hawkes]

Hello friends,

It was asked in a previous thread if we could provide OAuth capabilities for accessing Reader data. We recently enabled OAuth support for Reader. You can find relevant information here: http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html 

You can request within a scope of http://www.google.com/reader/api/*

Hope this helps. If you have questions I'll try and help if I can.

-Brad Hawkes

[Jayesh Salvi]

--
Jayesh

On Tue, Mar 23, 2010 at 7:27 AM, Brad Hawkes <bha...@google.com> wrote:

Hello friends,

It was asked in a previous thread if we could provide OAuth capabilities for accessing Reader data. We recently enabled OAuth support for Reader. You can find relevant information here: http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html 

Awesome. If this works, it will be the best solution to get user logged in w/o username/password.

 

You can request within a scope of http://www.google.com/reader/api/*

Won't it work for 

http://www.google.com/reader/atom/user/-/state/*

http://www.google.com/reader/atom/user/-/label/*

http://www.google.com/reader/atom/feed/* 

http://www.google.com/reader/subscriptions/export

Thanks a lot.

[Brad Hawkes]

It will work for reader/atom/* . It doesn't however work for subscriptions/export . If this is a problem I can see about getting it added.

To unsubscribe from this group, send email to fougrapi+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

[Jayesh Salvi]

--
Jayesh

On Tue, Mar 23, 2010 at 8:35 AM, Brad Hawkes <bha...@google.com> wrote:

It will work for reader/atom/* . It doesn't however work for subscriptions/export . If this is a problem I can see about getting it added.

It will be great if it would work for subscriptions/export, I think many clients use OPML export. 

I will try to test the new OAuth later today.

Thanks for quick reply.

[Jayesh Salvi]

Ok, I got the OAuth working with Google Reader (at least for subscription list). 

Here is example code:

http://pastebin.com/VbusAELq

It uses SignPost for OAuth. It's generic java code run from desktop, but can be used for Android with some modifications.

I am yet to test all calls to make sure they work with OAuth, but this is a good start.

Brad, could you enable OAuth on subscriptions/export request? My android app (ReaderScope) uses it to download OPML data.

Also, one question to Google Reader team. Is the OAuth support an experiment or can I start using it in real world and deploy it in my app? (I know GReader API is not official, but I just want to make sure that OAuth  won't go away all of a sudden)

Thanks again for the OAuth support.
--
Jayesh

[Brad Hawkes]

I have enabled OAuth on the subscription export so you should be able to use that as well now. 

I can't say definitively what Google is going to do with respect to auth systems, however OAuth is not experimental, I fully expect its support to outlast ClientLogin. We actually prefer OAuth to ClientLogin now so that users don't have to provide Google credentials to third party applications. 

-Brad

[Jayesh Salvi]

Hi Brad,

With OAuth I can successfully make http://www.google.com/reader/api calls. But the calls to http://www.google.com/reader/atom/feed fail.

In the example code I posted earlier (http://pastebin.com/VbusAELq), if I change the URL at line 96 to 

"http://www.google.com/reader/atom/feed/http%3A%2F%2Ffeeds2.feedburner.com%2FProgrammableWeb"

(This is one of the feeds I am subscribed to.)

I get "302 Moved Temporarily" in response. Any idea what's going wrong?

Do I need to expand the "scope" while asking for OAuth tokens? if it's possible that is.

Let me know.

Thanks
--
Jayesh

[Jayesh Salvi]

Do I need to expand the "scope" while asking for OAuth tokens? if it's possible that is.

This indeed did the trick. I changed scope to: "http://www.google.com/reader/api%20http://www.google.com/reader/atom". Got new oauth tokens and the feed returned successfully. 

[Jayesh Salvi]

Hi Brad,
Now I am stuck on edit-tags, it is returning 401 Unauthorized with OAuth.

I am making a request to  http://www.google.com/reader/api/0/edit-tag
It is strange, because before calling this I need to get token from
http://www.google.com/reader/api/0/token which I get successfully.

Are you sure you have enabled OAuth on edit-tag requests?
Thanks.
--
Jayesh

[Jayesh Salvi]

Hi Brad,

I think I have tested all the endpoints so far and except for the two
all others are working.

The failing ones are edit-tags and subscriptions/export.

Calls on http://www.google.com/reader/api/0/edit-tag fail with 401 Unauthorized

Calls on http://www.google.com/reader/subscriptions/export fail with
some unknown error. I get HTTP response code -1.

Please let me know if you find something wrong about these end points
on google reader side.
--
Jayesh

[Jayesh Salvi]

ping! any news on this one?

Thanks.
--
Jayesh

[Mihai Parparita]

Is it all POST requests that fail, or just those to edit-tag?

Mihai

[Jayesh Salvi]

I checked again. It seems it IS failing for many POST requests, except for one.

The POST requests to "api/0/stream/items/contents" are successful.

But POST requests to "api/0/item/edit", "api/0/mark-all-as-read",
"api/0/edit-tag" fail.
--
Jayesh

[Mihai Parparita]

Are you providing the T action token? That's still required even with OAuth.

Mihai

[Jayesh Salvi]

--
Jayesh

On Wed, Mar 31, 2010 at 8:29 AM, Mihai Parparita <mih...@google.com> wrote:
> Are you providing the T action token? That's still required even with OAuth.

Yes I am doing that. My code is unchanged except for OAuth signing at
lower level, so I am adding POST params just like before, including
the Token.

[Brad Hawkes]

Jayesh,

OAuth is supported by our authentication library natively. I just enabled it on the various paths mentioned including edit-tag . It would probably be good to verify that you are correctly encoding the POST variables  into the OAuth base signature string.

-Brad

[Jayesh Salvi]

On Wed, Mar 31, 2010 at 11:20 PM, Brad Hawkes <bha...@google.com> wrote:
> Jayesh,
> OAuth is supported by our authentication library natively. I just enabled it
> on the various paths mentioned including edit-tag .

Could you tell me which client library did you use to test (if it is
publicly available)? I can recheck my code against it.
I am using SignPost, which apparently seems to be a standard OAuth
library, but I will check.

[Jayesh Salvi]

Hi guys,

I tried all I could think of, but no help.

I analysed the java SignPost library I was using and dumped the post
params/ signature base string etc. But couldn't find anything useful.

I also tried couple of python libraries to get more sample points, but
couldn't get those libraries beyond getRequestToken. They all are well
tested for Twitter, but can't seem to handle the "scope" post param
required for Google oauth.

IIRC, you guys can lookup the requests in server logs based on User
Agent strings. Do you think you can tell me if you find something
there? I ran the test that marks an item read about 5-10 min ago, with
the SOURCE http header set to "ReaderScope 1.8.5x". I got
401-Unauthorized for an edit-tag method invocation. Can Google Reader
log tell what in particular went wrong in that request? There should
be only one request with that SOURCE field, so it should be easily
searchable provided it is kept in logs.

It's difficult at the client side, because there are many things that
can go wrong in signing the OAuth request properly. It doesn't help
that server returns same error code for all of those errors (401).

Let me know if you can help or have any more suggestions.

Thanks.
--
Jayesh

[Brad Hawkes]

Hi Jayesh,

I looked up your request and it was indeed an error due to an invalid signature. 

I think the problem you are having is a known issue with SignPost. From http://code.google.com/p/oauth-signpost/wiki/GettingStarted :

When using HttpURLConnection, you cannot sign POST requests that carry query parameters in the message payload (i.e. requests of type application/x-www-form-urlencoded). This is not a limitation of Signpost per se, but with the way URLConnection works. Server communication with URLConnection is based on data streams, which means that whenever you write something to the connection, it will be sent to the server immediately. This data is not buffered, and there is simply no way for Signpost to inspect that data and include it in a signature. Hence, when you have to sign requests which contain parameters in their body, you have to use an HTTP library like Apache Commons HttpComponents and the respective Signpost module. (This restriction does not apply to requests which send binary data such as documents or files, because that data won't become part of the signature anyway.)

-Brad

[Jayesh Salvi]

--
Jayesh

On Fri, Apr 2, 2010 at 1:58 AM, Brad Hawkes <bha...@google.com> wrote:
> Hi Jayesh,
> I looked up your request and it was indeed an error due to an invalid
> signature.
> I think the problem you are having is a known issue with SignPost.
> From http://code.google.com/p/oauth-signpost/wiki/GettingStarted :
> When using HttpURLConnection, you cannot sign POST requests that carry query
> parameters in the message payload (i.e. requests of type
> application/x-www-form-urlencoded). This is not a limitation of Signpost per
> se, but with the way URLConnection works. Server communication with
> URLConnection is based on data streams, which means that whenever you write
> something to the connection, it will be sent to the server immediately. This
> data is not buffered, and there is simply no way for Signpost to inspect
> that data and include it in a signature. Hence, when you have to sign
> requests which contain parameters in their body, you have to use an HTTP
> library like Apache Commons HttpComponents and the respective Signpost
> module. (This restriction does not apply to requests which send binary data
> such as documents or files, because that data won't become part of the
> signature anyway.)
> -Brad

Thanks a bunch Brad. That seems to explain it. I will try the
suggestions later today and report what I find.

[Jayesh Salvi]

I got most of the calls working (including some POST queries) with
apache http library and SignPost. But I am still getting error with
OPML query. It's a simple GET query on
www.google.com/reader/subscriptions/export, but it fails with 401
Client error and I get following warning somewhere inside the
http/signpost library:

Authentication error: Unable to respond to any of these challenges:
{oauth=WWW-Authenticate: OAuth
realm="https://www.google.com/accounts/OAuthGetRequestToken",
service="reader"}

I am not sure why the error talks about GetRequestToken. I already
have access token and secret, which work perfect for other queries.

I also tried to expand the scope by adding
www.google.com/reader/subscriptions to it, but that gives an error.

Any idea?
--
Jayesh

[Jayesh Salvi]

Some more investigation on OPML query failure.

The exact request-response details are:

Request:
------------
GET http://www.google.com/reader/subscriptions/export HTTP/1.1
Authorization : OAuth
oauth_token="1%2FQFKEFjVe0KE8mrPy6zpJA2ty9VceETm-b9xJXKiyMoM",
oauth_consumer_key="<myconsumerkey>", oauth_version="1.0",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1270356512",
oauth_nonce="2173450765791751214",
oauth_signature="8lQAxDhVrA0JQ%2FXbe92Gu2hOdbI%3D"

Response:
--------------
HTTP/1.1 401 Unauthorized
Content-Type : text/html; charset=UTF-8
WWW-Authenticate : OAuth

realm="https://www.google.com/accounts/OAuthGetRequestToken",
service="reader"

Date : Sun, 04 Apr 2010 04:44:50 GMT
Expires : Sun, 04 Apr 2010 04:44:50 GMT
Cache-Control : private, max-age=0
X-Content-Type-Options : nosniff
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
Content-Length : 1334
Server : GSE

Now I am making other GET requests which are returning success. So I
dumped their request headers and verified that they look the same as
the above request.

I looked into the following RFC about the 401 response generated by
the server and the meaning of "WWW-authenticate: OAuth realm"
http://tools.ietf.org/html/rfc2617#section-1.2

As I understand it from the RFC, the server is challenging the client
to provide OAuth credentials. But as you see, I am providing them in
the request. So my best guess on this is that even though OAuth might
be enabled on subscriptions/export, it does not fall into the same
space as other requests. That is why it is in a way prompting the
client to do OAuth authentication by suggesting the
OAuthGetRequestToken URL (first step in OAuth authentication process).

Does this make sense?

Please let me know. Thanks.
--
Jayesh

[Brad Hawkes]

Yes I believe you have to authenticate for the different scopes separately. 

-Brad

[Dima]

Hi,

I am having an issue accessing subscription lists via oauth. I get
and verify all the tokens, a call to:

http://www.google.com/reader/api/0/token

succeeds

but when I call:

http://www.google.com/reader/api/0/subscription/list?output=json

I get a 401 response.

My scope is: http://www.google.com/reader/api. One thing that is not
too clear to me is once I get a token from http://www.google.com/reader/api/0/token
do I stick it in a cookie header as before, or do I have to do
something else?

Thanks!
ttyl
Dima

> > On Sat, Apr 3, 2010 at 11:57 AM, Jayesh Salvi <jayeshsa...@gmail.com>

> > wrote:
> > > I got most of the calls working (including some POST queries) with
> > > apache http library and SignPost. But I am still getting error with
> > > OPML query. It's a simple GET query on
> > >www.google.com/reader/subscriptions/export, but it fails with 401
> > > Client error and I get following warning somewhere inside the
> > > http/signpost library:
>
> > > Authentication error: Unable to respond to any of these challenges:
> > > {oauth=WWW-Authenticate: OAuth
> > > realm="https://www.google.com/accounts/OAuthGetRequestToken",
> > > service="reader"}
>
> > > I am not sure why the error talks about GetRequestToken. I already
> > > have access token and secret, which work perfect for other queries.
>
> > > I also tried to expand the scope by adding

> > >www.google.com/reader/subscriptionsto it, but that gives an error.
>
> > > Any idea?
> > > --
> > > Jayesh
>
> > > On Fri, Apr 2, 2010 at 7:48 AM, Jayesh Salvi <jayeshsa...@gmail.com>
> > wrote:
> > >> --
> > >> Jayesh

>
> > >> On Fri, Apr 2, 2010 at 1:58 AM, Brad Hawkes <bhaw...@google.com> wrote:
> > >>> Hi Jayesh,
> > >>> I looked up your request and it was indeed an error due to an invalid
> > >>> signature.
> > >>> I think the problem you are having is a known issue with SignPost.

> > >>> Fromhttp://code.google.com/p/oauth-signpost/wiki/GettingStarted:

> > >>> When using HttpURLConnection, you cannot sign POST requests that carry
> > query
> > >>> parameters in the message payload (i.e. requests of type
> > >>> application/x-www-form-urlencoded). This is not a limitation of
> > Signpost per
> > >>> se, but with the way URLConnection works. Server communication with
> > >>> URLConnection is based on data streams, which means that whenever you
> > write
> > >>> something to the connection, it will be sent to the server immediately.
> > This
> > >>> data is not buffered, and there is simply no way for Signpost to
> > inspect
> > >>> that data and include it in a signature. Hence, when you have to sign
> > >>> requests which contain parameters in their body, you have to use an
> > HTTP
> > >>> library like Apache Commons HttpComponents and the respective Signpost
> > >>> module. (This restriction does not apply to requests which send binary
> > data
> > >>> such as documents or files, because that data won't become part of the
> > >>> signature anyway.)
> > >>> -Brad
>
> > >> Thanks a bunch Brad. That seems to explain it. I will try the
> > >> suggestions later today and report what I find.
>

> > >>> On Thu, Apr 1, 2010 at 11:52 AM, Jayesh Salvi <jayeshsa...@gmail.com>

> > wrote:
>
> > >>>> Hi guys,
>
> > >>>> I tried all I could think of, but no help.
>
> > >>>> I analysed the java SignPost library I was using and dumped the  post
> > >>>> params/ signature base string etc. But couldn't find anything useful.
>
> > >>>> I also tried couple of python libraries to get more sample points, but
> > >>>> couldn't get those libraries beyond getRequestToken. They all are well
> > >>>> tested for Twitter, but can't seem to handle the "scope" post param
> > >>>> required for Google oauth.
>
> > >>>> IIRC, you guys can lookup the requests in server logs based on User
> > >>>> Agent strings. Do you think you can tell me if you find something
> > >>>> there? I ran the test that marks an item read about 5-10 min ago, with
> > >>>> the SOURCE http header set to "ReaderScope 1.8.5x". I got
> > >>>> 401-Unauthorized for an edit-tag method invocation. Can Google Reader
> > >>>> log tell what in particular went wrong in that request? There should
> > >>>> be only one request with that SOURCE field, so it should be easily
> > >>>> searchable provided it is kept in logs.
>
> > >>>> It's difficult at the client side, because there are many things that
> > >>>> can go wrong in signing the OAuth request properly. It doesn't help
> > >>>> that server returns same error code for all of those errors (401).
>
> > >>>> Let me know if you can help or have any more suggestions.
>
> > >>>> Thanks.
> > >>>> --
> > >>>> Jayesh
>

> > >>>> On Thu, Apr 1, 2010 at 12:04 AM, Jayesh Salvi <jayeshsa...@gmail.com>
> > >>>> wrote:
> > >>>> > On Wed, Mar 31, 2010 at 11:20 PM, Brad Hawkes <bhaw...@google.com>

> > >>>> > wrote:
> > >>>> >> Jayesh,
> > >>>> >> OAuth is supported by our authentication library natively. I just
> > >>>> >> enabled it
> > >>>> >> on the various paths mentioned including edit-tag .
>
> > >>>> > Could you tell me which client library did you use to test (if it is
> > >>>> > publicly available)? I can recheck my code against it.
> > >>>> > I am using SignPost, which apparently seems to be a standard OAuth
> > >>>> > library, but I will check.
>
> > >>>> >> It would probably be
> > >>>> >> good to verify that you are correctly encoding the POST variables
> >  into
> > >>>> >> the
> > >>>> >> OAuth base signature string.
> > >>>> >> -Brad
> > >>>> >> On Tue, Mar 30, 2010 at 8:02 PM, Jayesh Salvi <

> > jayeshsa...@gmail.com>

> > >>>> >> wrote:
>
> > >>>> >>> --
> > >>>> >>> Jayesh
>
> > >>>> >>> On Wed, Mar 31, 2010 at 8:29 AM, Mihai Parparita <
> > mih...@google.com>
> > >>>> >>> wrote:
> > >>>> >>> > Are you providing the T action token? That's still required even
> > >>>> >>> > with
> > >>>> >>> > OAuth.
>
> > >>>> >>> Yes I am doing that. My code is unchanged except for OAuth signing
> > at
> > >>>> >>> lower level, so I am adding POST params just like before,
> > including
> > >>>> >>> the Token.
>
> > >>>> >>> > Mihai
>
> > >>>> >>> > On Tue, Mar 30, 2010 at 10:57 PM, Jayesh Salvi

> > >>>> >>> > <jayeshsa...@gmail.com>

> > >>>> >>> > wrote:
>
> > >>>> >>> >> I checked again. It seems it IS failing for many POST requests,
> > >>>> >>> >> except
> > >>>> >>> >> for
> > >>>> >>> >> one.
>
> > >>>> >>> >> The POST requests to "api/0/stream/items/contents" are
> > successful.
>
> > >>>> >>> >> But POST requests to "api/0/item/edit",
> > "api/0/mark-all-as-read",
> > >>>> >>> >> "api/0/edit-tag" fail.
> > >>>> >>> >> --
> > >>>> >>> >> Jayesh
>
> > >>>> >>> >> On Wed, Mar 31, 2010 at 8:12 AM, Mihai Parparita
> > >>>> >>> >> <mih...@google.com>
> > >>>> >>> >> wrote:
> > >>>> >>> >> > Is it all POST requests that fail, or just those to edit-tag?
>
> > >>>> >>> >> > Mihai
>
> > >>>> >>> >> > On Tue, Mar 30, 2010 at 9:47 PM, Jayesh Salvi

> > >>>> >>> >> > <jayeshsa...@gmail.com>

> > >>>> >>> >> > wrote:
>
> > >>>> >>> >> >> ping! any news on this one?
>
> > >>>> >>> >> >> Thanks.
> > >>>> >>> >> >> --
> > >>>> >>> >> >> Jayesh
>
> > >>>> >>> >> >> On Tue, Mar 30, 2010 at 12:18 AM, Jayesh Salvi

> > >>>> >>> >> >> <jayeshsa...@gmail.com>

> > >>>> >>> >> >> wrote:
> > >>>> >>> >> >> > Hi Brad,
>
> > >>>> >>> >> >> > I think I have tested all the endpoints so far and except
> > for
> > >>>> >>> >> >> > the
> > >>>> >>> >> >> > two
> > >>>> >>> >> >> > all others are working.
>
> > >>>> >>> >> >> > The failing ones are edit-tags and subscriptions/export.
>
> > >>>> >>> >> >> > Calls onhttp://www.google.com/reader/api/0/edit-tagfail
> > with
> > >>>> >>> >> >> > 401
> > >>>> >>> >> >> > Unauthorized
>
> > >>>> >>> >> >> > Calls on
> >http://www.google.com/reader/subscriptions/export
> > >>>> >>> >> >> > fail
> > >>>> >>> >> >> > with
> > >>>> >>> >> >> > some unknown error. I get HTTP response code -1.
>
> > >>>> >>> >> >> > Please let me know if you find something wrong about these
> > end
> > >>>> >>> >> >> > points
> > >>>> >>> >> >> > on google reader side.
> > >>>> >>> >> >> > --
> > >>>> >>> >> >> > Jayesh
>
> > >>>> >>> >> >> > On Sun, Mar 28, 2010 at 9:27 AM, Jayesh Salvi

> > >>>> >>> >> >> > <jayeshsa...@gmail.com>

> > >>>> >>> >> >> > wrote:
> > >>>> >>> >> >> >> Hi Brad,
> > >>>> >>> >> >> >> Now I am stuck on
>

> ...
>
> read more »


--
Subscription settings: http://groups.google.com/group/fougrapi/subscribe?hl=en

[curt]

Hi, it's great you now have OAuth support!

However, it doesn't seem to work for:

http://www.google.com/reader/api/0/preference/stream/set
http://www.google.com/reader/api/0/subscription/edit
http://www.google.com/reader/api/0/disable-tag

My code used to use SID authentication, and was unchanged other than
removing the SID from the post and adding the authentication.

I'm using the GData objective c oauth provider:
http://code.google.com/p/gdata-objectivec-client/wiki/OAuthSignInControllers
and signing my requests with [auth authorizeRequest:myRequest]

Is there something else I need to change to get this to work, or must
I use ClientLogin to do these?

Thanks for any help!
Curtis.

On Mar 22, 6:57 pm, Brad Hawkes <bhaw...@google.com> wrote:
> Hello friends,
>
> It was asked in a previous thread if we could provide OAuth capabilities for
> accessing Reader data. We recently enabled OAuth support for Reader. You can
> find relevant information here:http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html
>

> You can request within a scope ofhttp://www.google.com/reader/api/*

>
> Hope this helps. If you have questions I'll try and help if I can.
>
> -Brad Hawkes

[curt]

Ah, figured it out myself after pulling out my remaining hair..

When using OAuth, you don't put the token as a cookie, only in the
postData.

Hope this helps someone else migrating.

On Apr 25, 9:24 pm, curt <curtis.wens...@gmail.com> wrote:
> Hi, it's great you now have OAuth support!
>
> However, it doesn't seem to work for:
>
> http://www.google.com/reader/api/0/preference/stream/set
> http://www.google.com/reader/api/0/subscription/edit
> http://www.google.com/reader/api/0/disable-tag
>
> My code used to use SID authentication, and was unchanged other than
> removing the SID from the post and adding the authentication.
>

> I'm using the GData objective c oauth provider:http://code.google.com/p/gdata-objectivec-client/wiki/OAuthSignInCont...

[Martin Jönsson]

Any news on accessing http://www.google.com/reader/api/0/subscription/edit?

I'm trying to do a POST request with the following command, using RoR

@response = GooglesController.consumer.request(:post, '/reader/api/0/
subscription/edit', @access_token, {}, {:s => 'http://xkcd.com/
rss.xml', :ac => 'subscribe'})

I get a 302 Moved-message. Any help with this will be gladly accepted.

-Martin

[Dylan]

Curt,

Were you able to get the POST calls working with the GData OAuth
library? Everything I've tried fails with a 401. I dug into the GData
classes and I didn't see them encoding the POST parameters into the
signature. I tried hacking that in but with no luck.

On Apr 26, 12:24 am, curt <curtis.wens...@gmail.com> wrote:
> Hi, it's great you now have OAuth support!
>
> However, it doesn't seem to work for:
>

> http://www.google.com/reader/api/0/preference/stream/sethttp://www.google.com/reader/api/0/subscription/edithttp://www.google.com/reader/api/0/disable-tag

>
> My code used to use SID authentication, and was unchanged other than
> removing the SID from the post and adding the authentication.
>

> I'm using the GData objective c oauth provider:http://code.google.com/p/gdata-objectivec-client/wiki/OAuthSignInCont...

[Raibaz]

Hi, does anyone know if OAuth support is still up and running?

I am currently able to get an access token using "http://www.google.com/reader/api/*%20http://www.google.com/reader/atom/*" as scope, but i keep on getting 401 errors when trying to open /reader/api/0/token, both with my code and with Jayesh's

Any ideas about what i may be doing wrong?

Thanks

Mattia

[Simone Chiaretta]

Is there OAuth for Google Reader? I thought the only way to login was using the ClientLogin API
Simone

--
Simone Chiaretta
Microsoft MVP ASP.NET - ASPInsider
Blog: http://codeclimber.net.nz
RSS: http://feeds2.feedburner.com/codeclimber
twitter: @simonech

Any sufficiently advanced technology is indistinguishable from magic
"Life is short, play hard"

[Mihai Parparita]

OAuth should still be working. Are you making your token request over HTTPS by any chance (in which case your scope should be for HTTPS too)?

Mihai

[Raibaz]

On Jan 25, 6:27 pm, Mihai Parparita <mih...@google.com> wrote:
> OAuth should still be working. Are you making your token request over HTTPS
> by any chance (in which case your scope should be for HTTPS too)?

I checked, and i was using HTTP instead of HTTPS in my
scope...however, even using "https://www.google.com/reader/api/*
https://www.google.com/reader/atom/*" as my scope, which should be
correct as i use HTTPS for requesting oauth tokens, i keep on getting
403 for http://www.google.com/reader/api/0/token and 401 for
http://www.google.com/reader/api/0/subscription/list?output=json and
requesting these 2 URLs through HTTPS instead of HTTP doesn't work
either.

Any ideas on what i may be doing wrong?

Thanks a lot

Mattia

[Mihai Parparita]

On Thu, Feb 3, 2011 at 4:32 AM, Raibaz <rai...@gmail.com> wrote:
> I checked, and i was using HTTP instead of HTTPS in my
> scope...however, even using  "https://www.google.com/reader/api/*
> https://www.google.com/reader/atom/*" as my scope, which should be
> correct as i use HTTPS for requesting oauth tokens, i keep on getting
> 403 for http://www.google.com/reader/api/0/token and 401 for
> http://www.google.com/reader/api/0/subscription/list?output=json and
> requesting these 2 URLs through HTTPS instead of HTTP doesn't work
> either.
>
> Any ideas on what i may be doing wrong?

Can you include the full HTTP request response where you get 401s or
403s (including other headers and the status string, which may contain
more information like "401 Token expired")?

Mihai

[Raibaz]

Here is some data i gathered with Wireshark:

Request:
GET /reader/api/0/token?client=raibaz&ck=1296812743435 HTTP/1.1\r\n
Authorization: OAuth oauth_token=\"HIDDEN", oauth_consumer_key=\"HIDDEN
\", oauth_version=\"1.0\", oauth_signature_method=\"HMAC-SHA1\",
oauth_timestamp=\"1296812743\", oauth_nonce=\"-3471806177661520252\",
oauth_signature=\"l%2BxCroPjoPXxt9N52kfDw20noLU%3D\"
User-Agent: Java/1.6.0_16
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Response:
HTTP/1.1 403 Forbidden\r\n
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 530-000\r\n
X-Content-Type-Options: nosniff\r\n
X-Frame-Options: SAMEORIGIN\r\n
X-XSS-Protection: 1; mode=block\r\n


Request:
GET /reader/api/0/unread-count?
output=json&client=raibaz&ck=1296812744162 HTTP/1.1\r\n
Authorization: OAuth oauth_token=\"HIDDEN\", oauth_consumer_key=
\"HIDDEN\", oauth_version=\"1.0\", oauth_signature_method=\"HMAC-
SHA1\", oauth_timestamp=\"1296812744\", oauth_nonce=
\"3164994263387457649\", oauth_signature=
\"zTq2U52rVOjwsJGlhT8me9gNyd0%3D\"
User-Agent: Java/1.6.0_16
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Response:
HTTP/1.1 401 Unauthorized\r\n
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 530-000\r\n
X-Content-Type-Options: nosniff\r\n
X-Frame-Options: SAMEORIGIN\r\n
X-XSS-Protection: 1; mode=block\r\n

If it can be of any help, i'm using signpost with HttpUrlConnections.
I know it has some issues with POST requests and the suggested use is
with Apache commons-httpclient, but as i'm issuing GET requests i
thought it would work, as i already use it with other OAuth-based
websites (e.g. Foursquare); i'm going to give commons-httpclient a
shot anyway just in case i did something wrong with HttpUrlConnection.

Thanks a lot for the support.

[Raibaz]

I tried with commons-httpclient and keep on getting the same results,
but i can add some info hoping it helps:

When requesting /reader/api/0/unread-count or /reader/api/0/
subscription/list, i get a WARN from httpclient saying "Authentication
error: Unable to respond to any of these challenges: {}" and then i
get the 401 Client Error page in the response content.

Hope someone can point me in the right direction, as i'm completely
stuck :(

Thanks again

> > > 403 forhttp://www.google.com/reader/api/0/tokenand401 for

[Sean Lynch]

Hi,

Are you sure your authorization went through fine? Also I've gotten
the 401 error when I requested access using a scope of https and tried
to run a query through http, so that is something to double check.
Usually a 401 error means your query is ill formatted, and is often a
pain to debug.

[Mattia Tommasone]

I'm quite sure i did the authentication process correctly, at least because i tried every possible combination of http and https in the scope and in the urls i use for the requests :)

My guess id thatcher i'm probably doing something wrong with the api requests, but i have no clue about what i may be missing...

Il giorno 04/feb/2011 15.00, "Sean Lynch" <sean.p.g...@gmail.com> ha scritto:

[Raibaz]

FWIW, i also tried on the OAuth playground (http://
googlecodesamples.com/oauth_playground/index.php) using the two google
reader scopes, and it seems that even if i can correctly authenticate
and get access tokens, i can't access any data with my tokens.

I guess i'll have to use ClientLogin.

> Il giorno 04/feb/2011 15.00, "Sean Lynch" <sean.p.g.m.ly...@gmail.com> ha
> scritto:

[Mihai Parparita]

The OAuth playground works for me. I requested a token with the scope
https://www.google.com/reader/api, got the access token, and then
fetched https://www.google.com/reader/api/0/user-info and was able to
see the authenticated response as expected (the same thing over HTTP
worked too). What error did you see?

Mihai

[Mattia Tommasone]

Uh, you enlightened me!

I was requesting tokens for scope "https://www.google.com/reader/api/*
https://www.google.com/reader/atom/*", but it turns out i didn't have to
use the * at the end of each scope.

Now it works, just minutes after i got a ClientLogin implementation
working :)

Thanks a lot

[Simone Chiaretta]

Just a question: oAuth is the recommended way to login or is ClientLogin still the one to use?
Simone

Sent from my iPhone

[Mihai Parparita]

OAuth is recommended, since it doesn't involve users handing over
credentials to applications (additionally, the access tokens that are
obtained with it last indefinitely, whole ClientLogin tokens generally
only last two weeks).

Mihai

[Simone Chiaretta]

Ok, I'll try implementing it in my app then.
Are there some docs with all the various urls and keys?
Simone

Sent from my iPhone

[Mihai Parparita]

The regular Google OAuth docs
(http://code.google.com/apis/accounts/docs/GettingStarted.html#OAuth)
are a good starting point.

Mihai

On Tue, Feb 8, 2011 at 7:49 AM, Simone Chiaretta

[Simone Chiaretta]

Thx
I'll have a look
Simone

From PiyoPad

[Gaurav]

Hello Mihai,

I see the following message on OAuth pages: OAuth 1.0 has been officially deprecated as of April 20, 2012. I was planning to move from ClientLogin to OAuth, but I think it's better to consider OAuth 2.0 now.

Does the access token obtained via OAuth 2.0 need to be refreshed every hour (as per OAuth 2.0)? Since you previously mentioned that access tokens with OAuth last indefinitely. 

Thanks,

Gaurav

On Tuesday, 23 March 2010 07:27:14 UTC+5:30, Brad Hawkes wrote:

Hello friends,

It was asked in a previous thread if we could provide OAuth capabilities for accessing Reader data. We recently enabled OAuth support for Reader. You can find relevant information here: http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html 

You can request within a scope of http://www.google.com/reader/api/*

[Shankar Sangoli]

Hi Mattia,

Don't know if you will reply but I am still hoping so. I am having the same issue can you please help?

When I execute RequestAuthenticaion method of oAuth2Client it redirects the user to google login page. After successful login it shows the consent page and if user accepts it they are redirect to the return url page. where I try to verify the authentication using VerifyAuthentication method but this throws an error saying 401 unauthorised ..... This is really breaking my head. Any help is much appreciated.

I have tried will all these scopes "https://www.google.com/reader/api", "http://www.google.com/reader/api", "https://www.google.com/reader/api/*".

I am trying to get the subscription list as an xml using this endpoint. https://www.google.com/reader/subscriptions/export

Thanks

Shankar