OK, further testing revealed that the token I was receiving back from OAuthGetAccessToken (https://www.google.com/accounts/OAuthGetAccessToken) was actually URL encoded. I don't remember seeing this anywhere in the documentation; I would recommend at least a note be added in the appropriate place.

So I thought a quick URL decode and all my problems would be solved. Nope. Now I get an even better error, (403) Forbidden; the description for this error (Unsupported standard parameter, or authentication or authorization failed.) is not much more informative than the description for the previous (401) Unauthorized (Authorization required.).

After more testing I was able to prove that the OpenID token is valid and has the correct scope; below is the response to a call to AuthSubTokenInfo (https://www.google.com/accounts/AuthSubTokenInfo). It looks like we are back to the permission parameter theory. When I go through the complete OAuth negotiation but omit the permission=1 parameter, I get a token with the exact same result, (403) Forbidden. I am off to do some more testing.

Target=dev.(...).com
Secure=true
Scope=https://www.google.com/h9/feeds/
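
The URL-encoded token response described in the post above, as an added example that is not part of the original message or of any Google code: an OAuth 1.0 token response body is form-encoded, so each value is decoded exactly once on receipt and percent-encoded exactly once (RFC 5849 section 3.6) when it is placed in a later request. The sample body, token values and function names are constructed for illustration.

```python
from urllib.parse import parse_qs, quote

# Constructed sample response body; these token values are made up.
SAMPLE_BODY = "oauth_token=1%2FAbCdEf-123&oauth_token_secret=s3cr%2Bet%2Fxyz"


def parse_token_response(body):
    """Parse a form-encoded OAuth 1.0 token response, decoding each value once."""
    fields = parse_qs(body, strict_parsing=True, keep_blank_values=True)
    result = {}
    for name in ("oauth_token", "oauth_token_secret"):
        values = fields.get(name)
        # A missing or repeated credential field is treated as a malformed
        # response rather than silently picking one of the values.
        if not values or len(values) != 1:
            raise ValueError(f"expected exactly one {name} in response")
        result[name] = values[0]
    return result


def oauth_encode(value):
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="-._~")


def header_param(name, value):
    """Render one name="value" pair for an OAuth Authorization header."""
    return f'{oauth_encode(name)}="{oauth_encode(value)}"'


if __name__ == "__main__":
    creds = parse_token_response(SAMPLE_BODY)
    # Correct: the decoded token is encoded once on the way out.
    print(header_param("oauth_token", creds["oauth_token"]))
    # Pitfall: reusing the raw, still-encoded value double-encodes it
    # ("%2F" becomes "%252F"), so the server sees a different token.
    print(header_param("oauth_token", "1%2FAbCdEf-123"))
```

The same decoded values are what go into the signature base string and signing key, each encoded once at that point.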
