Hi Andy, I've posted some working OAuth code (Java) in the Google Apps forum that might be helpful.
http://www.google.com/support/forum/p/apps-apis/thread?tid=3def276558898c56&hl=en It uses HMAC-SHA1 signing, which is supported on H9 but not production Health. You'll need to change to RSA-SHA1 when you migrate to Health production as well. The only difference that I see so far is that when you're getting you request token, you're not including the "permission=1" (or "=0") HTTP GET parameter. I believe that excluding this parameter causes an error when trying to use the token, however. Also, I've yet to try using OAuth with the "secure=0" parameter. Without it, we'll need to register your domain name in the H9 system. If you don't get better results when including the permission parameter, let's give this a try. I hope this helps! Let us know how it goes! Paul (Google) P.S. Bess and Gilad... thanks a ton for your great suggestions! There are definitely some tweaks necessary for Health/OAuth integration. The Google OAuth implementation is standard, but there are certainly potential gotchas like the permission and secure parameters with Health. Great ideas! On Jun 14, 6:44 pm, Andras Ketskes <[email protected]> wrote: > I've tried that yesterday, it seems to be using the older 1.0 version, not > 1.0a as the callback is not specified and acknowledged in the request token > dialog. > The docs > (http://code.google.com/apis/accounts/docs/OAuth.html#tokensCallbackand > others) say that oauth_callback should now be specified in the request token > request as described in the OAuth 1.0a spec. > > Can someone from Google comment on this, please? > > Andy > > On Jun 14, 2010, at 9:34 PM, gilad wrote: > > > > > you can test your oauth implementation here: > >http://googlecodesamples.com/oauth_playground/ > > > lets you set the fields and the google service to authenticate against > > and see the request values > > > Gilad > > > On Jun 14, 6:22 pm, Andras Ketskes <[email protected]> wrote: > >>>>> On Mon, Jun 14, 2010 at 5:10 AM, AndyBT <[email protected]> wrote: > >>>>> Hi, > > >>>>> I've been trying to get H9 working with our site's OAuth stack, but > >>>>> the browser is not redirected back to our site when the token is > >>>>> authorized. It is redirected to the main screen of H9 (https:// > >>>>> h9.google.com/h9/p/) instead. The very same OAuth implementation works > >>>>> fine with Twitter (and a number of other sites) and I don't see > >>>>> anything wrong with the requests either. Do you have any idea what the > >>>>> problem might be? > >>>>> Please see the request below. I have tried it with a non-localhost > >>>>> callback URI, but got the same results. > > >>>>> Andy > > >>>>> REQUEST TOKEN: > >>>>> GET /accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com > >>>>> %2Fh9%2Ffeeds%2F&secure=0 > >>>>> Host:www.google.com > >>>>> Accept: application/x-www-form-urlencoded > >>>>> Authorization: OAuth oauth_callback="https%3A%2F%2Flocalhost > >>>>> %3A8181%2FBodyTrace%2Foauth.html", > >>>>> oauth_signature="WvFoIjoatdeQ2edwcTMRm4xO1%2BI%3D", > >>>>> oauth_version="1.0", oauth_nonce="25357458- > >>>>> df48-4c2e-8500-95269078a030", oauth_signature_method="HMAC-SHA1", > >>>>> oauth_consumer_key="www.bodytrace.com", oauth_timestamp="1276515738" > >>>>> === > >>>>> 200 OK > >>>>> Date: Mon, 14 Jun 2010 11:42:18 GMT > >>>>> Content-Length: 118 > >>>>> Expires: Mon, 14 Jun 2010 11:42:18 GMT > >>>>> X-XSS-Protection: 1; mode=block > >>>>> Alternate-Protocol: 443:npn-spdy/1 > >>>>> Content-Type: text/plain; charset=UTF-8 > >>>>> Server: GSE > >>>>> Cache-Control: private, max-age=0 > >>>>> X-Content-Type-Options: nosniff > >>>>> oauth_token=CIPR97-oEhDQlquC- > >>>>> _____8BGLfFo5gD&oauth_token_secret=EnNXym2dpZD05jWiLY6zQBii&oauth_callback_ > >>>>> confirmed=true > > >>>>> URI WE REDIRECT TO AUTHORIZE: > >>>>>https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=CIPR9... > > >>>>> URI OF AUTHORIZATION PAGE IN BROWSER: > >>>>>https://h9.google.com/h9/oauth?oauth_token=CIPR97-oEhDQlquC-_____8BGL... -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
