oauth on appengine: access issue

Question

I am having some difficulty accessing resources through OAuth on AppEngine.

My client application (on Linux using python-oauth) is able to retrieve a valid "access token" but when I try to access a protected resource (e.g. user = oauth.get_current_user()) , I get a oauth.OAuthRequestError exception thrown.

headers: {'Content-Length': '21', 'User-Agent': 'musync,gzip(gfe),gzip(gfe)', 'Host': 'services.systemical.com', 'X-Google-Apps-Metadata': 'domain=systemical.com', 'X-Zoo': 'app-id=services-systemical,domain=systemical.com', 'Content-Type': 'application/json', 'Authorization': 'OAuth oauth_nonce="03259912", oauth_timestamp="1282928181", oauth_consumer_key="services.systemical.com", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_token="1%2Fo0-tcGTfRzkkm449qVxd_8CfCvMcW_0xwL024nO3HgI", oauth_signature="2ojSK6Ws%2BvDxx3Rdlltf53hlI2w%3D"'}

I suspect that the issue might be domain related i.e. I am using an end-point on services.systemical.com whilst I see that AppEngine reports domain=systemical.com for the X-Google-Apps-Metadata.

How do I fix this? Is it a problem with how I am using sub-domains with Apps/AppEngine??

---

The domain "services.systemical.com" points to (DNS CNAME) my appengine application services-systemical.appspot.com. The domain systemical.com is associated with a Google Apps domain.

---

Update: Here is the client code I am using:

class OauthClient(object):

    gREQUEST_TOKEN_URL = 'OAuthGetRequestToken'
    gACCESS_TOKEN_URL =  'OAuthGetAccessToken'
    gAUTHORIZATION_URL = 'OAuthAuthorizeToken'

    def __init__(self, server, port, base):
        self.server=server
        self.port=port
        self.base=base
        self.request_token_url=self.base+self.gREQUEST_TOKEN_URL
        self.access_token_url=self.base+self.gACCESS_TOKEN_URL
        self.authorize_token_url=self.base+self.gAUTHORIZATION_URL
        self.connection = httplib.HTTPConnection("%s:%d" % (self.server, self.port))

    def fetch_request_token(self, oauth_request):
        self.connection.request(oauth_request.http_method, self.request_token_url, headers=oauth_request.to_header()) 
        response = self.connection.getresponse()
        print response.status, response.reason
        print response.msg
        return oauth.OAuthToken.from_string(response.read())

    def fetch_access_token(self, oauth_request):
        self.connection.request(oauth_request.http_method, self.access_token_url, headers=oauth_request.to_header()) 
        response = self.connection.getresponse()
        return oauth.OAuthToken.from_string(response.read())

    def authorize_token(self, oauth_request):
        self.connection.request(oauth_request.http_method, oauth_request.to_url()) 
        response = self.connection.getresponse()
        return response.read()

Answer 1

I had a similar problem. Although i can't be more specific (I don't have the code with me) I can tell you that the problem is probably related to the request. Google App Engine is very picky with the request you make.

Try sending the request body empty. For example, this is the usual call:

import httplib
connection = httplib.HTTPSConnection('server.com')
connection.request('POST', REQUEST_TOKEN_URL,body = urlencode(body), headers = {'Authorization': header})

but you should send with an empty body:

connection.request('POST', REQUEST_TOKEN_URL, headers = {'Authorization': header})

The headers have all the information that is needed for OAuth.