By the way. I've gotten all of the source out of the iframe, reformatted the relevant sections to try to debug the problem, but ran into a dead end. The difficulty appears to originate with the proxy server, not with the iframe javascript (though I'm not completely certain of that, and it's nearly impossible for me to confirm or deny).
On Jan 23, 4:49 pm, Mark Paine <[email protected]> wrote: > Hi Dan, > > Make no mistake, I think that you are super helpful. I recognize and > appreciate your presence, and willingness to research issues and take > them to developers if you don't know the answer. > > I apologize if my tirade sounded as if I was attacking you. I am not. > > But I *am* attacking the quality of the documentation when it comes to > someone who wants to create an OAuth Provider that interoperates with > Google-hosted gadgets. > > You responded above that the developer will update the documentation > with a link to an OpenSocial doc, but if you study that documentation > closely, it has the *exact same mistake* in it that the document that > I originally expressed my frustration with contained. > > Specifically, the OpenSocial document says (under the OAuth section): > "If the container uses a default consumer key, it will include an > additional OAuth parameter xoauth_app_url that identifies the gadget > making the request." > That's simply not correct. > > I've implemented an OAuth Provider. I've written a bazillion tests for > it and it tests out just fine. My test gadget uses the sample shindig > code provided on the Google developer site to fetch a protected > resource from my provider. Google's proxy server starts by making a > call to my "/oauth/request_token/" endpoint as it should. My server > responds with an http 200, with > "oauth_token=<generatedtoken>&oauth_token_secret=<generatedsecret>" in > the content body, as specified by the OAuth spec. > > And then nothing. Google's proxy server returns "Error 404" to the > shindig Javascript, even though my provider returned a 200 to the > proxy server. The response object that gets returned by the iGoogle > container to the shindig Javascript looks like this: > response.oauthError:undefined > response.oauthErrorText:undefined > response.oauthApprovalUrl:undefined > > I realize that some things *are* implemented in the sandbox, and some > things aren't. > > I also realize that there probably aren't too many people writing > their own OAuth providers, and that instead they might be using OAuth > while storing their data with Google. > > Given those two realizations, it's not clear to me that OAuth is > working with 3rd party providers, at least not in accordance with the > specifications that I've dug through. > > Thanks for your patience with my frustration. > > -Mark > > On Jan 23, 1:50 pm, "Dan (Google Employee)" <[email protected]> > wrote: > > > Hi Mark, > > > I'm not the author of that particular document, but, the author is > > aware that the change needs to be made, and has pledged to make the > > change soon. > > > I'm sorry that the time it takes for the documentation to update has > > discouraged you from using OAuth gadgets. Since you already have > > answers to all the questions you've asked, I'm unsure how I could have > > been more helpful. > > > Best, > > Dan > > > On Jan 22, 10:27 pm, Mark Paine <[email protected]> wrote: > > > > > 1. Documentation/spec compliance: > > > > Clearing up mistakes in documentation can be accomplished by > > > > modifying: "iGoogle uses the draft OAuth Gadgets Extension to provide > > > > the URL of the gadget on whose behalf the request > > > > is being made to service providers" to instead read: "iGoogle uses the > > > > OpenSocial specification [http://code.google.com/apis/opensocial/docs/ > > > > 0.8/reference/gadgets/#gadgets.io_method_detail] to provide the URL of > > > > the gadget on whose behalf the request is being made to service > > > > providers". This change should be made shortly. > > > > Shame that the documentation hasn't been updated yet. > > > > I'm giving up on gadgets with OAuth. It's too painful, and it's clear > > > that nobody there has time to give a shit about keeping the > > > documentation up-to-date. > > > > Sorry, but digging through Google Groups for answers to all these > > > questions is just a pain in the ass. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
