Does anyone know any web application example where Oauth has been used in with google data API?
+1
A:
From what I understand (correct me if I'm wrong). In order to get the request token back set the oauth_callback to the absolute path where the oauth_token will be appended to the oath_callback.
From (http://code.google.com/apis/gdata/docs/auth/oauth.html)
Extracting the token from the callback URL
When Google redirects back to your application, the oauth_token is appended to the "oauth_callback_url" URL as a query parameter. Your application should then extract the token value from its URL query parameter and re-establish the oauth parameters.
If you're using Google OAuth helper, then you can try this example.
import com.google.gdata.client.docs.*;
import com.google.gdata.client.authn.oauth.*;
String CONSUMER_KEY = "example.com";
String CONSUMER_SECRET = "abc123doremi";
GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
oauthParameters.setOAuthConsumerKey(CONSUMER_KEY);
oauthParameters.setOAuthConsumerSecret(CONSUMER_SECRET);
oauthParameters.setScope("https://docs.google.com/feeds/");
oauthParameters.setOAuthCallback("http://www.example.com/UpgradeToken.jsp");
GoogleOAuthHelper oauthHelper = new GoogleOAuthHelper(new OAuthHmacSha1Signer());
oauthHelper.getUnauthorizedRequestToken(oauthParameters);
This example seemed to have been written inside a JSP. You can use it using Frameworks.
The oauthParameters.setOAuthCallback() is where Google added their callback URL path to ensure their token are returned.
The Elite Gentleman
2010-03-30 21:21:20
That's what I am exactly trying. My real problem comes when user grants or denies access. How should I catch that event? I need to query for oauth_token from callback_url, but that depends only if user has granted the access.
yogsma
2010-03-30 21:59:31
What do you mean `when user grants or denies access`?
The Elite Gentleman
2010-03-30 22:37:07
well..once I get an authorized URL , I will redirect user to that URL where user provides his login details and he gets the screen where he can grant access to data of that google service or he can deny.
yogsma
2010-03-31 05:22:06
For that, You can only assign an `oauth_callback` to the authorized URL. If the user denies, you won't get any callback returned to your page. You can only do a callback to a successful user authorization.
The Elite Gentleman
2010-03-31 08:07:53
I got your point. Somehow my callback url is one of the authorized page which only logged in users can see. But when oauth_token is appended to callback url after access is granted, it takes back them to login page instead of the page they were before.
yogsma
2010-03-31 15:55:16
I don't quite follow. If The OAuth Service provider returns to your `oauth_callback` url, then it's working fine. It must be the way you're handling authentication/authorization from your webapp, the logic isn't fine.
The Elite Gentleman
2010-04-01 09:36:35
Well, it is definitely working. Somehow I am stuck on how to use callback url. You might get idea what exactly I am looking for in my other question, I asked on stackoverflow.
yogsma
2010-04-01 14:22:13