I suggest Google Health team to come up with a fully working sample with OAuth 1.0A and release to public. It should comes with fully QA-audit documentation.
It is just waste of developer time to be beta tester for Google Health API. If you have a working sample released to developer community, then it is easier for developers to debug their app. On Mon, Jun 14, 2010 at 10:30 PM, Andras Ketskes <[email protected]> wrote: > Hi Paul, > > We're using Jersey's client with their OAuth filter, but thanks for the > sample code. > > I've tried adding the permission and secure parameter, but I get the same > results (see below). I've also tried it on our production system, which uses > a callback URI with a domain registered to H9, so that shouldn't be an issue > either. > If I understand the documentation correctly, this behavior of redirecting > back to the main page of H9 is not normal, because a manual code (verifier) > should be presented in case the callback URI was not specified. I've also > tried specifying "oob" as callback to see if that gets me at least to the > verifier page, but that resulted in the exact same redirection to the main > page, too. > Also, as you can see, there is no callback URI parameter in the URI of the > authorization page unlike when using OAuth 1.0. Is this normal? It may be as > it's not sent during the authorization request... > > Best regards, > Andy > > NEW REQUEST TOKEN TRANSACTION: > GET /accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com > %2Fh9%2Ffeeds%2F&secure=0&permission=0 > Host: www.google.com > Accept: application/x-www-form-urlencoded > Authorization: OAuth > oauth_callback="https%3A%2F%2Flocalhost%3A8181%2FBodyTrace%2Foauth.html", > oauth_signature="ONbCPOhyvNDI1vLtORClBQMmd9E%3D", oauth_version="1.0", > oauth_nonce="94393ed8-db1b-4cc9-bdbf-063f096fea81", > oauth_signature_method="HMAC-SHA1", oauth_consumer_key="www.bodytrace.com", > oauth_timestamp="1276577955" > === > 200 OK > Date: Tue, 15 Jun 2010 04:59:15 GMT > Content-Length: 110 > Expires: Tue, 15 Jun 2010 04:59:15 GMT > X-XSS-Protection: 1; mode=block > Alternate-Protocol: 443:npn-spdy/1 > Content-Type: text/plain; charset=UTF-8 > Server: GSE > Cache-Control: private, max-age=0 > X-Content-Type-Options: nosniff > > > oauth_token=CIPR97-oEhDulbrm-_____8BGMP-wKcD&oauth_token_secret=EoNdKLYw9Q7%2FvOM%2F38v2NCDQ&oauth_callback_confirmed=true > > > AUTHORIZATION URI: > https://h9.google.com/h9/oauth?oauth_token=CIPR97-oEhDulbrm-_____8BGMP-wKcD > > On Jun 15, 2010, at 12:36 AM, Paul (Google) wrote: > > > Hi Andy, > > > > I've posted some working OAuth code (Java) in the Google Apps forum > > that might be helpful. > > > > > http://www.google.com/support/forum/p/apps-apis/thread?tid=3def276558898c56&hl=en > > > > It uses HMAC-SHA1 signing, which is supported on H9 but not production > > Health. You'll need to change to RSA-SHA1 when you migrate to Health > > production as well. > > > > The only difference that I see so far is that when you're getting you > > request token, you're not including the "permission=1" (or "=0") HTTP > > GET parameter. I believe that excluding this parameter causes an > > error when trying to use the token, however. > > > > Also, I've yet to try using OAuth with the "secure=0" parameter. > > Without it, we'll need to register your domain name in the H9 system. > > If you don't get better results when including the permission > > parameter, let's give this a try. > > > > I hope this helps! Let us know how it goes! > > > > Paul (Google) > > > > P.S. Bess and Gilad... thanks a ton for your great suggestions! There > > are definitely some tweaks necessary for Health/OAuth integration. > > The Google OAuth implementation is standard, but there are certainly > > potential gotchas like the permission and secure parameters with > > Health. Great ideas! > > -- > You received this message because you are subscribed to the Google Groups > "Google Health Developers" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<googlehealthdevelopers%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/googlehealthdevelopers?hl=en. > > -- Bess Ho UI Architect / Developer / Designer iPhone Developer Silicon Valley Web Builder (SVWB) Founder The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
