Poster and Identity v1

6 views
Skip to first unread message

FamTreeArborist

unread,
Mar 23, 2010, 1:23:32 PM3/23/10
to Android with FamilySearch, zimme...@familysearch.org
Greg and group. You should have authority to post questions on this
group. Here is a posting from our newest member Greg Reno. My answer
is that there is a V1 and V2 for identity use VI Identity for Poster.
What do you think Jimmy?

---, I'm trying to get started by first using Poster with the V2
spec. However, I am not able to do the first step, which I believe is
to get a token. Here is my URL in Poster:

https://api.familysearch.org/identity/v2/request_token?oauth_consumer_key=xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx&oauth_nonce=123456789&oauth_signature_method=PLAINTEXT&oauth_signature=%26&oauth_timestamp=1269366087&agent=Android

(Note that I substitute xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx for my
developer key)

When I click the Get button, I get a 401 Unauthorized error. I got the
timestamp from http://www.unixtimestamp.com/index.php which should
give me the right unix value.

I found the instructions on using Poster, but its for the V1 spec.

Thanks,
-Gregg Reno

Jimmy Zimmerman

unread,
Mar 23, 2010, 1:30:20 PM3/23/10
to fs-an...@googlegroups.com
Hi Greg,

My guess is that you don't yet have a Production System developer key, so the developer key you have would be valid on the Reference System only.

The URL you would use for the Reference System would be:

http://www.dev.usys.org/identity/v2/request_token?oauth_consumer_key=xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx&oauth_nonce=123456789&oauth_signature_method=PLAINTEXT&oauth_signature=%26&oauth_timestamp=1269366087&agent=Android

Everything else in your request looks correct.

--
Jimmy

> To unsubscribe from this group, send email to fs-android+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.


NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.


Gregg Reno

unread,
Mar 23, 2010, 2:10:29 PM3/23/10
to fs-an...@googlegroups.com
Thanks Jimmy - that worked.  I had been using the www.dev.usys.org link previously, but somehow pasted the production link in by mistake.

Two other questions for you:
  • My timestamp was rejected, but the server gave me a correct range to use.  After using a number in that range, it worked.  Maybe this site http://www.unixtimestamp.com/index.php has it's clock set differently than the reference system server?  If so, do I need to somehow compensate for the time difference?
  • Is there any Android source code I can use as a starting point?  Just looking for something basic like the authentication and a name lookup.  It would save some time.
Thanks,

-Gregg

Jimmy Zimmerman

unread,
Mar 23, 2010, 2:37:14 PM3/23/10
to fs-an...@googlegroups.com
No Android specific sample code that I know of yet. There is Java code for all of the serializing/parsing stuff. I believe it is to be used with the Jersey client library. Would this work with Android?


We should start a project for sample code. Anyone want to start a project on Google Code? Or somewhere else? My Ruby library is out on Github.com, but I don't know if that's where Android/Java developers hang out.

--
Jimmy

Michael Helmantoler

unread,
Mar 23, 2010, 3:36:34 PM3/23/10
to fs-an...@googlegroups.com
Marko has some code that Gordon calls a "demo of access". I don't know where he keeps it.

Michael
________________________________________
From: fs-an...@googlegroups.com [fs-an...@googlegroups.com] On Behalf Of Jimmy Zimmerman [Zimme...@familysearch.org]
Sent: Tuesday, March 23, 2010 12:37 PM
To: fs-an...@googlegroups.com
Subject: Re: Poster and Identity v1

No Android specific sample code that I know of yet. There is Java code for all of the serializing/parsing stuff. I believe it is to be used with the Jersey client library. Would this work with Android?

https://devnet.familysearch.org/downloads/sample-code/sample-clients

We should start a project for sample code. Anyone want to start a project on Google Code? Or somewhere else? My Ruby library is out on Github.com<http://Github.com>, but I don't know if that's where Android/Java developers hang out.

--
Jimmy

On Mar 23, 2010, at 12:10 PM, Gregg Reno wrote:

Thanks Jimmy - that worked. I had been using the www.dev.usys.org<http://www.dev.usys.org/> link previously, but somehow pasted the production link in by mistake.

Two other questions for you:

* My timestamp was rejected, but the server gave me a correct range to use. After using a number in that range, it worked. Maybe this site http://www.unixtimestamp.com/index.php has it's clock set differently than the reference system server? If so, do I need to somehow compensate for the time difference?
* Is there any Android source code I can use as a starting point? Just looking for something basic like the authentication and a name lookup. It would save some time.

Gregg Reno

unread,
Mar 23, 2010, 3:40:01 PM3/23/10
to fs-an...@googlegroups.com
I see the jar file there for V1, but don't see any documentation on how to use it.

-Gregg

Jimmy Zimmerman

unread,
Mar 23, 2010, 3:46:15 PM3/23/10
to fs-an...@googlegroups.com
Which V1 are you referring to (Identity v1? FamilyTree v1?)? The FamilyTree module should have code for FamilyTree v2.

The code gives only serialization/parsing functionality, XML-> Java Objects -> XML. You should use Jersey for doing the actual web requests:


--
Jimmy

Gregg Reno

unread,
Mar 23, 2010, 4:14:06 PM3/23/10
to fs-an...@googlegroups.com
OK, thanks for the link - that helps.  I was referring to Identity V2 since that seems to be the starting point for all access.
-Gregg

Jimmy Zimmerman

unread,
Mar 23, 2010, 4:35:14 PM3/23/10
to fs-an...@googlegroups.com
You may want to start with Identity v1 for development, although currently FamilySearch is only certifying new apps on Identity v2.

Identity v1 is pretty simple to use. Simply make a GET request on the /identity/v1/login property and use the "header" method on the WebResource to add 
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The header name is "Authorization" and the value will be "Basic {Base64 encoding of 'username:password'"

Or, if you want to go the Identity v2 route, this looks like a good tutorial since it is just standard OAuth.


--
Jimmy

Gregg Reno

unread,
Mar 29, 2010, 8:15:55 PM3/29/10
to fs-an...@googlegroups.com
Well, I am trying to figure out this oAuth process and am really struggling. 

Am I correct in assuming that the only way to authenticate is to show the user a web page and have them type in their username and password?  I would rather store that for them in a preference file and log them in automatically.

Also, I get to the point where the username and password screen is displayed.  If I enter my "api-user-2120" user id and password, I get a message "The session has timed out or is invalid.  Unable to continue authentication".  But if I put in a bogus username and password, I get "the username or password is incorrect".  Any ideas?

Jimmy Zimmerman

unread,
Mar 31, 2010, 3:41:28 PM3/31/10
to fs-an...@googlegroups.com
Hi Gregg,

Am I correct in assuming that the only way to authenticate is to show the user a web page and have them type in their username and password?  I would rather store that for them in a preference file and log them in automatically.

Unless the policy changes at FamilySearch, credentials cannot be stored in an application. Therefore, it does require a web page for a typed username and password.

Also, I get to the point where the username and password screen is displayed.  If I enter my "api-user-2120" user id and password, I get a message "The session has timed out or is invalid.  Unable to continue authentication".  But if I put in a bogus username and password, I get "the username or password is incorrect".  Any ideas?

A session should only timeout after 25 minutes of inactivity, so this seems strange. It is possible that there is a bug on our end, but I haven't seen this yet. Do you get this error every time you go through the entire OAuth process? Are there any HTTP headers in the response that you can log/share?

--
Jimmy

Gregg Reno

unread,
Apr 2, 2010, 8:41:32 AM4/2/10
to fs-an...@googlegroups.com
The problem with having to go to a web page to authenticate means that I have to pass control to the external web browser.  So, I can't see the headers.  I'll just get a notification back once the user is authenticated.

Here is how I get my consumer token, which seems to work fine:
private void GetConsumerToken()
    {
        String url = serverName + IDENTITY_REQUEST_TOKEN;
        String sTimestamp = String.valueOf(System.currentTimeMillis() / 1000);       
        HttpClient httpclient = new DefaultHttpClient();
         
            // Prepare a request object
            HttpGet httpget = new HttpGet("http://www.dev.usys.org/identity/v2/request_token?oauth_consumer_key=(my dev key here)&oauth_nonce=123456789&oauth_signature_method=PLAINTEXT&oauth_signature=%26&agent=Android&oauth_timestamp=" + sTimestamp);
              HttpPost httppost = new HttpPost(url);         
     
            // Execute the request
            HttpResponse response;
            try {

                response = httpclient.execute(httpget);
               
                // Examine the response status
                DebugMsg("status = " + response.getStatusLine().toString());
     
                // Get hold of the response entity
                HttpEntity entity = response.getEntity();
                // If the response does not enclose an entity, there is no need
                // to worry about connection release
     
                if (entity != null) {
     
                    // A Simple JSON Response Read
                    InputStream instream = entity.getContent();
                    String result= convertStreamToString(instream);
                    DebugMsg("Result =" + result);
                   
                    oauthConsumerToken = result.substring(result.indexOf("oauth_token=") + 12);
                    oauthConsumerToken = oauthConsumerToken.substring(0, oauthConsumerToken.indexOf("&"));
                    oauthTokenSecret = result.substring(result.indexOf("oauth_token_secret=") + 19);                   
                    oauthTokenSecret = oauthTokenSecret.substring(0, oauthTokenSecret.indexOf("&"));
                }

    }
I successfully get my consumer token and secret token, then call this, which is where my problem is:
    OAuthAccessor defaultClient() {
        String callbackUrl = "reno-familysearch:///";
        OAuthServiceProvider provider =  defaultProvider();
        OAuthConsumer consumer = new OAuthConsumer(callbackUrl, oauthConsumerToken, oauthTokenSecret, provider);

        OAuthAccessor accessor = new OAuthAccessor(consumer);
        OAuthClient client = new OAuthClient(new HttpClient4());
        return accessor;
    }

Jimmy Zimmerman

unread,
Apr 2, 2010, 7:32:59 PM4/2/10
to fs-an...@googlegroups.com
Hi Greg,

I can't nail down anything wrong in the code. If you won't be releasing a product before May, you may want to stick with Identity v1, which is far simpler than the v2 stuff and would get you past this authentication hurdle more quickly. It is possible that a new authentication mechanism will be introduced for Identity v2 which would be more similar to the Identity v1 mechanism. This would be available for mobile and desktop apps, and would work with the new CIS credentials.

--
Jimmy
Reply all
Reply to author
Forward
0 new messages