I'm developing an online patient portal for Clarkson Eyecare, and I am having an issue with getting permanent session tokens.
I am attempting to send a request to https://www.google.com/accounts/AuthSubSessionToken using an auth token I obtained from this page: https://www.google.com/h9/authsub?scope=https%3A%2F%2Fwww.google.com%2Fh9%2Ffeeds%2F&secure=1&session=1&permission=1&next=https%3A%2F%2Fwww.clarksoneyecare.com%2Fportal%2Fgoogle_target.php (note: the "next" target is a development page - it's not open to the public).

I get the temporary, one-time auth token in our "next" page just fine. However, every time I try to use it (and signature information) to request a session token, I get an error 401. The certificate associated with the private key I'm using to generate the rsa-sha1 signature is definitely registered with our profile.

I am using PHP to try to submit the data to AuthSubSessionToken. I used http://gdatatips.blogspot.com/2008/07/secure-authsub-in-php.html as a reference (it is referenced in many of these forum discussions), and my code does essentially the same thing. One thing I noticed was that it uses md5 to generate the nonce - md5 creates 128-bit results encoded in hex, NOT 64-bit base 10 integers (which the documentation says it should be). That being said, using a 64-bit long doesn't seem to work either.

Since I can't seem to get a more descriptive error message, I tried to dig through the forums to see if anyone else had these same issues; if it's out there, I couldn't find it. Some people got 401 errors, but they were usually either using the Java client or Zend, and were usually issues finding or using the private key (which I'm NOT having - the signature is generated just fine). I don't want to install Zend just to do this one process that should be a fairly straightforward cURL call.

Here's an example Authorization header line for the data that was sent:

Authorization: AuthSub token="<auth token>" data="GET https://www.google.com/accounts/AuthSubSessionToken 1290539269 7ee5fa7cea605049d1c49c57cf136924" sig="<signature>" sigalg="rsa-sha1"

with <auth token> and <signature> obviously filled in with real values.

Thank you in advance for your help,
Dan
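
An added example, not part of the original post and not Google's or the referenced blog's code: PHP that builds the Authorization header in the layout quoted in the post, with the nonce as a decimal integer string as the post says the documentation requires, and then verifies the signature locally before any request is sent. The function names, the throwaway key pair and the placeholder token are assumptions made for the demonstration.

```php
<?php
// Added example: function names, key and token below are hypothetical.

// Signed-data string in the layout shown in the post:
// "<method> <url> <timestamp> <nonce>", single spaces, no trailing newline.
function authsub_data(string $method, string $url, int $timestamp, string $nonce): string
{
    return "$method $url $timestamp $nonce";
}

// Nonce as a base-10 integer string rather than an md5 hex digest.
// random_int() draws from the CSPRNG; the value fits in 64 bits.
function authsub_nonce(): string
{
    return (string) random_int(0, PHP_INT_MAX);
}

// Sign the exact bytes of $data with RSA-SHA1 and base64 the raw signature.
function authsub_header(string $token, string $data, $privateKey): string
{
    if (!openssl_sign($data, $rawSig, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return sprintf('Authorization: AuthSub token="%s" data="%s" sig="%s" sigalg="rsa-sha1"',
        $token, $data, base64_encode($rawSig));
}

// Local check: pull data and sig back out of the finished header and verify
// them against the public key, so a key/certificate mismatch or a data
// string altered after signing shows up before the server answers 401.
function authsub_verify(string $header, $publicKey): bool
{
    if (!preg_match('/data="([^"]*)" sig="([^"]*)"/', $header, $m)) {
        return false;
    }
    $rawSig = base64_decode($m[2], true);
    return $rawSig !== false
        && openssl_verify($m[1], $rawSig, $publicKey, OPENSSL_ALGO_SHA1) === 1;
}

// Constructed demo input: a throwaway key pair and a placeholder token.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub  = openssl_pkey_get_details($key)['key'];
$data = authsub_data('GET', 'https://www.google.com/accounts/AuthSubSessionToken', time(), authsub_nonce());
$header = authsub_header('PLACEHOLDER_TOKEN', $data, $key);

echo $header, "\n";
echo authsub_verify($header, $pub) ? "signature verifies\n" : "signature does NOT verify\n";
```

In real use, pass the PEM of the certificate registered with the profile as `$publicKey`; `openssl_verify()` accepts a certificate as well as a bare public key.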
