Google Data API Tips: OAuth in Google App Engine

OAuth in Google App Engine

Posted by Eric (Google) on Monday, April 06, 2009

This sample demonstrates a basic structure that you can use to perform 3-legged OAuth using the Google Data Python client library in Google App Engine. This particular example talks to the Documents List Data API.

App Engine (Python) + OAuth sample

Note: The sample is available in two versions, one that signs requests with RSA-SHA1 and another that signs with HMAC-SHA1.

22 comments:

egilchri said...: Hi, I've been studying this code pretty intensely, since I'm trying to implement authorization over a mobile device.

So I plan to have them do the initial setup, using a browser, but after that, they should be able to call in and invoke services from their phone. I'll use their caller ID to get to their access token, which your code has conveniently stored in a table called TokenCollection. I do this by associating phone numbers with email ids. These email ids are my indexes into your TokenCollection table.

How is the value of "access_token" passed from MainPage->get to FetchData->post? You don't seem to pass it as a parameter.

Thanks, Ted Gilchrist; April 20, 2009 9:03 AM
Eric (Google) said...: Hi Ted,

Thanks for the comment.

The short answer is that the token is passed as a property of the client/service object.

The Python lib stores both AuthSub (session) and OAuth (access) tokens inside a token_store or within a current_token property, depending on the setup. By default, I believe the token_store is used.

The service object recalls the token later on like this:
http://code.google.com/p/gdata-python-client/source/browse/trunk/src/gdata/service.py#418.

This process is dead simple on App Engine b/c tokens are stored for the current logged in user. All you need to do is recall the token later on:
access_token = client.token_store.find_token(SCOPE)

Hope this helps,
Eric; April 20, 2009 9:48 AM
Rahul Garg said...: Hi
can OAuth in Google App Engine be implemented by using java.Plz help
thank you; May 18, 2009 8:03 AM
Eric (Google) said...: Hi Rahul,

There's a GAE Java + Google Data + OAuth sample here:
http://oauthexample.appspot.com/Welcome

the source is available here:
http://code.google.com/p/googleappengine/source/browse/#svn/trunk/java/demos/oauth

Cheers,
Eric; May 18, 2009 10:43 AM
Sleepless in KL said...: Hi, I am trying to run the sample using Google App Engine Launcher. But I am getting errors.

I don know how to get, CONSUMER_KEY': 'YOUR_CONSUMER_KEY',
I am using app spot, so I do have any domain to register and get consumer keys.

Please help me . I am a nob in python. thanks; December 22, 2009 9:02 PM
Faiz said...: Thanks for the info. It helps. ^_^; May 17, 2010 11:54 PM
Gene said...: I am looking for an OAuth example that users the GData client library in a GWT framework. Any ideas? GWT doesn't like any of the oAuth classes. For example as soon as I include GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters(); the starting point for any OAuth Code I get a NoClassDefFoundError error.

A Gwt-Gae-Java demo would be much appreciated?; June 8, 2010 5:10 PM
Brandon said...: Made a GWT App Engine OAuth Demo: http://code.google.com/p/gwt-examples/wiki/DemoGwtGData; January 14, 2011 7:05 PM
Patrick said...: Hi Brandon,
your work seems pretty good, thanks a lot!; April 9, 2011 10:42 AM
SHOUBHIK BOSE said...: Hi,

I guess the oauthexample.appspot.com disabled.

Anyways, a problem has been eating up my head since last night !

After aquiring the Access Token (it works fine right after acquiring it and retrieves blog lists perfectly!) ,
BUT when, I'm saving it as a session attribute.

Then, in the subsequent pages ( and requests), I'm creating a GoogleOAuthParameters object to pass to the setUserCredentials(...) function.

HttpSession s = request.getSession(true);

String accessToken=s.getAttribute("accessToken").toString();
String ats=s.getAttribute("oauth_token_secret").toString();

if(!s.isNew()){

GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();

oauthParameters.setOAuthConsumerKey("sbose78.appspot.com");
oauthParameters.setOAuthConsumerSecret("81XXXXXXXXXXXXXXXXX");
oauthParameters.setOAuthToken(accessToken);
oauthParameters.setOAuthTokenSecret(ats);

OAuthSigner signer=new OAuthHmacSha1Signer();

/************************************************************/

MyBlog b=new MyBlog(oauthParameters, signer);
String blogs[]=b.printUserBlogs();
for(int i=0;i"+blogs[i]);
}
}
else{
out.println("NEW SESSION.. WON'T WORK !!");
}

I'm getting the following exception:

com.google.gdata.util.AuthenticationException: OK
Must authenticate to use 'default' user

Things had worked out fine when I used my Access token right after acquiring it.

Thanks ,
Shoubhik Bose.; June 17, 2011 10:57 PM
Anh Tuan said...: How is the value of "access_token" passed from MainPage->get to FetchData->post? You don't seem to pass it as a parameter.

Thanks, Ted Gilchrist
High Class London Escorts Cheap London escorts; June 19, 2011 4:40 AM
google said...: Any ideas? GWT doesn't like any of the oAuth classes. For example as soon as I include GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters(); the starting point for any OAuth Code I get a NoClassDefFoundError error.

livesex melbourne strippers; October 29, 2011 8:19 PM
google said...: Eric's suggestion to use Zend_Gdata_HttpClient instead of Zend_Http_Client is not clear and generates other errors.

Penis Pump Sydney Escort; October 29, 2011 11:35 PM
Yahoo said...: Once you enter PeekShows.com you will have immediate access to Free Live Webcams. Cam to cam with hot nude porn models right now! Free live porno sex videos, in real time. Its Free Porn and Free Live Sex for the common man! PeekShows Girls are waiting right now and 24/7 to watch you and engage in cam to cam sex with you! PeekShows Cam Models want to watch you stroke your cock just for them on web cam to cam, while they play with their pussys and please you in the hottest sexchat on earth! Join now and claim your free lifetime membership to PeekShows.com! Only you decide when it is time to purchase tokens on PeekShows.com for your own sneak peek, tokens which you will use for hot 1on1 private action with your favorite model! Sexting your favorite models are waiting to please you, don't make them wait for a quick peek. ;)
free cam to cam red sexy lingerie; October 30, 2011 9:48 AM
Yahoo said...: London Escorts

We aim to be the leading London escort directory providing you with the hottest London escorts, English escorts, UK escorts, British escorts. Our london escort and Uk escort girls are all porn stars, xxx stars, xxx amateurs, porn amateurs and naughty teen girls that want to please you in London, England.
how to grow your penis London Escorts; October 31, 2011 1:42 AM
google said...: All these antioxidants can be found in the macula's tissue. They have the special capacity of absorbing 40%-90% of the intensity of blue light, and therefore can act like a sort of eyes' sunscreen.
chat sex Las Vegas Escort; October 31, 2011 4:46 AM
google said...: The brain-eating amoeba tends to be more active in terms of growth and multiplication, in the months of July, August, and September. They are not found in one form. It grows in three forms which are, cyst, trophozoite and flagellate.

discount sexy lingerie Sydney Escort; November 2, 2011 10:15 PM
google said...: The pressure buildup compress the nerves either at points where they exit the spinal cord and run to various parts of the body or within the spinal cord.
Vegas Escorts effects of salvia; November 4, 2011 4:50 AM
Wonderful Jewelry said...: fashion jewelry wholesale
wholesale fashion jewelry
china jewelry wholesale
china fashion jewelry
jewelry wholesale china
fashion jewelry china
wholesale jewelry
jewelry wholesale; November 10, 2011 3:16 AM
Ecommerce said...: Very advantageous cavalcade you acquire here.. Nicely presented admonition in this post, I accept to apprehend this affectionate of stuff. The more of adequate is able and the abeyance is good. Acceptance for the post.

Android app developer; December 14, 2011 6:12 AM
dongsheng said...: Et voici la preuve photographique. Cette sneak peek [ci-dessus] illustre la stratgie d'tre abattu par l'oncle Karl lui-mme, et bien que nous tions secrtement cherche voir miss Dellal apportant ses battues cuirs noirs sur la campagne, shes regardant puissante dame comme porter un gilet blanc et arc dlicate dans leur cheveux tresss.

Thunk Whoda ci.
Mais ne vous inquitez pas, le bord marque Alices continue tre en raison de tact pour saisines de eye-liner noir en plus d'une lvre rouge vif. Le modle est perch sur une table de toilette l'intrieur d'un appartement somptueux haussmannien, tout en prsentant un sac main gris matelass avec la collection Sac Hermès Mini Plume. Nous sommes impatients d'en savoir vraiment ce blog.

Sac Hermès Shoulder Birkin; March 18, 2012 2:37 AM
kosovohp said...: Girl Xinh | Hot Girl | Cute Girl | Sexy Girl | Hot Girl Asian
Hot Girl | Lexi Belle | Sexy Girl | Cute Girl | Hot Asian Girl | Leah Dizon | Hot Girl Asian | Girl Xinh
socks proxy | socks5 | proxy free |proxy list; May 7, 2012 11:13 PM