Google Reader Authentication problem

Question

Google Reader API Seems expecting something different for authentication today!

About a week ago, I downloaded this, and everything is working and I try to port that to java. For my code, it is working perfectly (with the help on your examples) until today. I stack tracing everything and I found out that suddenly the google reader is not accepting only SID as the cookie. And of course, I test run your sample application as well and it is not working as well.

Then I went to tamper the data of the Google Reader, and I remove every cookie entries except the SID, and it is not working (well it gives 401, just like my application and your sample); I tested again and I found that it now needs another cookie entry called HSID, which, compare to SID (which is more than 100 word long) it is about 10-20 words. Any one know where can we get that additional HSID?

PS I can do the HTTPS for authentication and google is returning three tokens (SID, LSID, AUTH) to me. But nowhere I can guess what the HSID is.

Answer 1

Have the same problem with my Google Reader client http://desktopgooglereader.codeplex.com/ Anyone knowing what we need to change? Reeder for iPhone and NNW (latest hotfix) seem to have a solution

Answer 2

You have to add the Authorization GoogleLogin auth=xxx to your header. Here is the quote from the message:

Here is a quick summary of how to make this change: For those apps that area already obtaining authentication from https://www.google.com/accounts/ClientLogin you should get back as part of your response an Auth= value. For every request you send to Reader you should provide that value as a HTTP header and things will work as usual. The header format is: Authorization:GoogleLogin auth=[value obtained from ClientLogin]

Conferm that it works! I got the same error and already solved the issue. See it here.

Answer 3

I did it. Yes, the link provided by sfa is right. But the format is sort of too confusing. Here's how I do it.

1. Post to https://www.google.com/accounts/ClientLogin with login credentials.
2. In return, three tokens will be passed if correct login: a. SID b. LSID c. Auth
3. Save the Auth somewhere in application. Forget about SID and LSID (I guess they might remove them later on)

4. In every request, add following in the header: headername: Authorization value: GoogleLogin auth={Auth string} e.g. (in java)

   HttpGet method = new HttpGet(CommandUrl + QueryString); method.addHeader("Authorization", "GoogleLogin auth=" + Auth);

This works. Thanks sfa for the link.

Answer 4

when you first login use https://www.google.com/accounts/ServiceLoginAuth . you will get hsid!

i see all google reader api operation use hsid.

i use firebug can see hsid in setCookie field of response

Answer 5

For me as described by xandy it works now again :)

Answer 6

See http://code.google.com/p/google-reader-api/wiki/Authentication for details, but briefly, only ClientLogin and OAuth are supported. Please do not continue to simulate the browser flow (with SID and HSID cookies), that is not supported and may break at any point.

Answer 7

The 4 steps described by xandy are working, thanks.

This is my implementation of xandy's steps in .NET: http://sandrinodimattia.net/blog/post/Consuming-Google-(Reader)-with-NET-Part-1-Authentication.aspx

Answer 8

Or consider using the ReaderTemplate class offered here: http://github.com/wspringer/greader-java/. It basically hides the complexity of weaving in the appropriate headers and (re)authentication.