Using the Google API Python client on Google AppEngine

[Vish]

Hi all,

I am trying to use the Google Python API Client in my Google AppEngine Application. I followed the instructions here and got all the required libraries copied over to the projects folder. I am trying to execute the scenario outlined in the 'service accounts' section described here https://developers.google.com/api-client-library/python/platforms/google_app_engine

When I try making a request with the http object obtained as shown in the code sample below

import httplib2

from google.appengine.api import memcache

from oauth2client.appengine import AppAssertionCredentials

credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/fusiontables')

http = credentials.authorize(httplib2.Http(memcache))

result = http.request("%s?%s&alt=csv" % ("https://www.googleapis.com/fusiontables/v1/query", "sql=SHOW%20TABLES"))

I end up with a unauthorized response. The response received is 

Response: {'status': '401', 'content-length': '19', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', 'expires': 'Wed, 21 Nov 2012 19:47:27 GMT', 'server': 'GSE', '-content-encoding': 'gzip', 'cache-control': 'private, max-age=0', 'date': 'Wed, 21 Nov 2012 19:47:27 GMT', 'x-frame-options': 'SAMEORIGIN', 'content-type': 'text/html; charset=UTF-8', 'www-authenticate': 'AuthSub realm="https://www.google.com/accounts/AuthSubRequest" allowed-scopes="https://www.googleapis.com/auth/fusiontables.readonly,https://www.googleapis.com/auth/fusiontables"'}

Also the logs indicate

INFO     2012-11-21 14:39:25,403 client.py:404] Attempting refresh to obtain initial access_token

INFO     2012-11-21 14:39:25,569 client.py:424] Refreshing due to a 401

I am missing anything here? This is happening on my local dev server. The AppEngine app and the fusiontables account are owned by the same gmail account. Should I do anything special here to make sure that the AppEngine account gets access to the FusionTables account or is it handled transparently by AppEngine? The docs on the page above don't say much except that "If your App Engine application needs to call an API to access data owned by the application's project, you can simplify OAuth 2.0 by using Service Accounts". It doesn't say anything about if there something special that needs to be performed here. I also have the private keys and client id needed to access the fusiontables account using 'service accounts' authentication. 

When i try "from oauth2client.client import SignedJwtAssertionCredentials". I get an error saying "ImportError: cannot import name SignedJwtAssertionCredentials". Any thoughts on how I can get OAuth2 access to my fusiontables API on AppEngine? Any suggestions/help with the above questions would be greatly appreciated.

Thank You,

Vish

[Joe Gregorio]

App Identity doesn't work on the local dev server.

[Joe Gregorio]

On Sun, Nov 25, 2012 at 10:21 PM, Vish <vish...@gmail.com> wrote:
> Hi,
>
> Appreciate the help so far. A couple of questions on using the sample here.
> https://codereview.appspot.com/5362041/patch/1/2
>
> So, Should I get the client id and secret for an installed application and
> use it with the script?

Yes.

>
> Also, if i generate a refresh token with script above, How do I go about
> using the refresh token in AppEngine app on the local server?

The script stores a full Credentials object in the cmd-line.dat file
which you can use directly:

storage = Storage('cmd-line.dat')
credentials = storage.get()

> Should I use
> it with the AppAccessCredentials? If so, how do i go about doing it since
> the AppAccessCredentials class can't be initialized with the refresh
> token...
>
>
>
> Thank You,
> Vish