Read access only for the Google OAuth 2.0 token?

Warenix Wong

Jun 25, 2011, 11:40:49 AM
to foug...@googlegroups.com
I follow Google OAuth 2.0 (experimental) to obtain an OAuth token which I can then use to obtain my reading list and individual feed items.

Example url:

Then I tried to mark a feed item state as read, but Google always shows a 401 Unauthorized error page.

This is the command I execute with curl

curl -v -H 'User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1' -H 'Content-Type: application/x-www-form-urlencoded;charset=utf-8' -d 'a=user%2F08320621299485960631%2Fstate%2Fcom.google%2Fread&async=true&s=feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FMashable&i=tag%3Agoogle.com%2C2005%3Areader%2Fitem%2F3370a590b029d2f4&T=<oauth_token>' http://www.google.com/reader/api/0/edit-tag?client=scroll

This is the output, with the <style> part stripped

* About to connect() to www.google.com port 80 (#0)
*   Trying 74.125.71.103... connected
* Connected to www.google.com (74.125.71.103) port 80 (#0)
> POST /reader/api/0/edit-tag?client=scroll HTTP/1.1
> Host: www.google.com
> Accept: */*
> User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
> Content-Type: application/x-www-form-urlencoded;charset=utf-8
> Content-Length: 231
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=UTF-8
< X-Reader-Google-Version: 543-000
< Date: Sat, 25 Jun 2011 15:28:00 GMT
< Expires: Sat, 25 Jun 2011 15:28:00 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Transfer-Encoding: chunked
<
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Error
401
(Not Found)!!1</title>
</head>
<body><a href="//www.google.com/" id="g"><img src="//www.google.com/images/logo_sm.gif" alt="Google"></a>
<p><b>401.</b>
<ins>That&#39;s an error.</ins></p>
<p>There was an error in your request.
* Connection #0 to host www.google.com left intact
* Closing connection #0
<ins>That&#39;s all we know.</ins></p></body>

Does the access token I obtained from Google OAuth 2.0 give me read access only?
If I want to mark a feed item as read, should I change back to ClientLogin?

Mihai Parparita

Jun 25, 2011, 12:44:22 PM
to foug...@googlegroups.com
For POST/state-changing requests two tokens are required: the
authentication token (passed in as oauth_token in your case) and the
action token (passed in as T, obtained from /reader/api/0/token -
meant to protect against XSRF attacks, needs to be refetched every 30
minutes).

Mihai

Warenix Wong

Jun 25, 2011, 2:11:31 PM
to foug...@googlegroups.com
Thanks Mihai! I can now mark a feed item state as read after getting the action token (T)

Here's how I do it, for anyone who might be looking for similar stuff.

Get action token
HTTP GET to https://www.google.com/reader/api/0/token?&client=scroll&oauth_token=<oauth_token>

Mark item state as read
HTTP POST to https://www.google.com/reader/api/0/edit-tag?client=scroll&oauth_token=<oauth_token>
POST parameters:
a=user/08320621299485960631/state/com.google/read&
async=true&
s=feed/http://feeds.feedburner.com/Mashable&
i=tag:google.com,2005:reader/item/3370a590b029d2f4&
T=<action_token>
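
The two-token flow from the replies above, as an added example that is not part of the original thread: the OAuth token authenticates the request, while the action token T is fetched separately, cached, and refetched once the 30-minute lifetime Mihai mentions has passed. The class and function names, the injected `fetch` callable and the placeholder token values are assumptions made for illustration; the endpoints and parameters are the ones quoted in the posts.

```python
import time
from urllib.parse import urlencode

BASE = "https://www.google.com/reader/api/0"  # endpoints as quoted in the thread
ACTION_TOKEN_TTL = 30 * 60                    # seconds; "refetched every 30 minutes"


class ActionTokenCache:
    """Caches the anti-XSRF action token (T) and refetches it when stale."""

    def __init__(self, oauth_token, fetch, clock=time.monotonic):
        self.oauth_token = oauth_token
        self._fetch = fetch        # hypothetical callable: URL -> response body text
        self._clock = clock        # injectable so expiry can be exercised offline
        self._token = None
        self._fetched_at = None

    def token_url(self):
        query = urlencode({"client": "scroll", "oauth_token": self.oauth_token})
        return f"{BASE}/token?{query}"

    def get(self):
        now = self._clock()
        if self._token is None or now - self._fetched_at >= ACTION_TOKEN_TTL:
            self._token = self._fetch(self.token_url()).strip()
            self._fetched_at = now
        return self._token


def build_mark_read(cache, user_id, stream, item_id):
    """Return (url, body) for the edit-tag POST: OAuth token in the URL, T in the body."""
    query = urlencode({"client": "scroll", "oauth_token": cache.oauth_token})
    body = urlencode({
        "a": f"user/{user_id}/state/com.google/read",
        "async": "true",
        "s": stream,
        "i": item_id,
        "T": cache.get(),          # the action token, not the OAuth token
    })
    return f"{BASE}/edit-tag?{query}", body


if __name__ == "__main__":
    # Constructed stand-in for the HTTP GET; a real client would request the URL.
    cache = ActionTokenCache("OAUTH_PLACEHOLDER", lambda url: "ACTION_PLACEHOLDER\n")
    print(build_mark_read(cache, "-", "feed/http://example.com/rss",
                          "tag:google.com,2005:reader/item/0000000000000000"))
```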

krische

Jun 30, 2011, 10:36:16 AM
to Friends of the Unofficial Google Reader API
I'm not having any luck with trying to edit. I'm using OAuth2 and I
can get my action token just fine. Like you I am always getting the
401 error. This is the exact URL I'm calling:

https://www.google.com/reader/api/0/edit-tag?client=scroll&oauth_token=1/bmC_nLDB_ixiXnNbVg1wAd8hHA2g8iqcJCWTJhes8JM&a=user/-/state/com.google/read&async=true&s=feed/http://feeds.boingboing.net/boingboing/iBag&i=tag:google.com,2005:reader/item/3a1add8aee461dce&T=//4zczVkZ-nr8PmEguGEX04w

Any ideas what is going wrong? I seem to have done the exact same
thing you did and it worked for you.

On Jun 25, 1:11 pm, Warenix Wong <ware...@gmail.com> wrote:
> Thanks Mihai! I can now mark a feed item state as read after getting the
> action token (T)
>
> Here's how I do it, for anyone who might be looking for similar stuff.
>
> Get action token
> HTTP GET to https://www.google.com/reader/api/0/token?&client=scroll&oauth_token=<oauth_token>
>
> Mark item state as read
> HTTP POST to https://www.google.com/reader/api/0/edit-tag?client=scroll&oauth_token=<oauth_token>

Warenix Wong

Jul 3, 2011, 9:43:13 PM
to foug...@googlegroups.com