Hi Daniel, The Provisioning API supports 3-legged OAuth for authentication, however you don't have to add the xoauth_requestor_id parameter to the request. This is a sample working request:
*GET /a/feeds/mydomain.com/user/2.0 HTTP/1.1 X-HostCommonName: apps-apis.google.com Authorization: OAuth oauth_consumer_key="anonymous",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1298679334",oauth_nonce="397029916",oauth_version="1.0",oauth_token="1%2FDS8tilsOPPPonW_QbQrQwjiYYztZBQtdE9SJ14PkOwU",oauth_signature="llxNAttxo1Ry2jN7SoR213nYO6k%3D" Cookie: lang=enCookie2: $Version=1 Host:apps-apis.google.com X-Forwarded-For: 10.244.130.239 X-Target-URI: https://apps-apis.google.com Connection: Keep-Alive * Which returns the following response: *HTTP/1.1 200 OK GData-Version: 1.0 X-Frame-Options: SAMEORIGINVary: Accept, X-GData-Authorization, GData-Version Date: Sat, 26 Feb 2011 00:15:35 GMTContent-Length:110500 X-XSS-Protection: 1; mode=block Expires: Sat, 26 Feb 2011 00:15:35 GMTLast-Modified:Thu, 01 Jan 1970 00:00:00 GMTContent-Type:application/atom+xml; charset=UTF-8Server: GSE X-Content-Type-Options: nosniff Cache-Control: private, max-age=0, must-revalidate, no-transform <?xml version='1.0' encoding='UTF-8'?>... * This instead is a wrong request, i.e. the one with xoauth_requestor_id: *GET /a/feeds/mydomain.com/user/[email protected]/1.1 * X-HostCommonName: apps-apis.google.com Authorization: OAuth oauth_consumer_key="anonymous",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1298679132",oauth_nonce="960917820",oauth_version="1.0",oauth_token="1%2FDS8tilsOPPPonW_QbQrQwjiYYztZBQtdE9SJ14PkOwU",oauth_signature="zcg9eShwoUyKlrQmATWsydJin9M%3D" Cookie: lang=enCookie2: $Version=1 Host:apps-apis.google.com X-Forwarded-For: 10.244.130.239 X-Target-URI: https://apps-apis.google.com Connection: Keep-Alive Which returns the following response: *HTTP/1.1 401 API is secure. Needs security Credentials* X-Frame-Options: SAMEORIGIN WWW-Authenticate: GoogleLogin realm=" http://www.google.com/accounts/ClientLogin";, service="apps" Date:Sat, 26 Feb 2011 00:12:12 GMT Content-Length: 179 X-XSS-Protection: 1; mode=blockExpires:Sat, 26 Feb 2011 00:12:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Server:GSE X-Content-Type-Options: nosniff Cache-Control: private, max-age=0 <HTML><HEAD><TITLE>Unknown authorization header</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Unknown authorization header</H1><H2>Error 401</H2></BODY></HTML> Claudio On Fri, Feb 25, 2011 at 3:22 AM, Daniel Florey <[email protected]>wrote: > Hi, > can someone please elaborate if the provisioning API for 3-legged OAuth is > supported? > As stated in the docs it should be supported. I can grab a OAuth token for > the "https://apps-apis.google.com/a/feeds/"; scope, but when accessing the > groups feed, I get: > > > com.google.gdata.util.AuthenticationException: OK > <HTML> > <HEAD> > <TITLE>Unknown authorization header</TITLE> > </HEAD> > <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> > <H1>Unknown authorization header</H1> > <H2>Error 401</H2> > </BODY> > </HTML> > > I'm adding the "xoauth_requestor_id" to the request. It works fine for all > other GData API's so far. > > Any help would be appreciated, > > Daniel Florey > > OAuth for web applications > > Provisioning API service also supports 3-legged OAuth scheme for allowing > web applications to manage users, nicknames, groups and organization units. > TheOAuth guide <http://code.google.com/apis/accounts/docs/OAuth_ref.html> > provides > more information on how to obtain access tokens > > *OAuth scope parameter* > > https://apps-apis.google.com/a/feeds/ > > -- > You received this message because you are subscribed to the Google Groups > "Google Apps Domain Information and Management APIs" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-apps-mgmt-apis?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
