Google API Authentication (2 Legged OAuth implementation)

[Stu]

Hi Folks,

I've created a window + Nettalk ThisWebClient proc that attempts to interact with the Google API using 2-legged OAuth implementation (https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth).

Am missing something vital, not able to get past the initial bad header errors.

Just wondering if there's anyone else who has gotten this working?

[bshields]

Hey Stu!

Hows it going?

I have google auth working using oAuth and NT. I was doing google contact, calendar Sync'ing.

I had to hack NT to support more than just POST & GET in the HTTP spec.

Sounds like that were you are up to.

Regards
Bill

[Stu]

Double hey Bill!

Yeah, pretty much I think.

Asked the question on StackOverflow - that's how desperate I was

http://stackoverflow.com/questions/11644035/google-authorization-header-incorrect-401-error

That might give you more of an idea just how clueless I am with this. Missing some vital (no doubt simple) piece of code.

[Larry Sand]

Stu, this should be close to what you need: http://msdn.microsoft.com/en-us/library/aa382379(v=vs.85)

Larry Sand

[Stu]

Hey Larry, thanks for the link!

Actually, pretty sure Cryptonite is going to be able to help me out. Can't believe I didn't think about that earlier.

[bshields]

Hi Stu,

Did a little reading and my issues with Google sync revolved around FETCH, UPDATE and DELETE which are part of the HTTP standard but not supported by NetTalk. I needed these as part of the sync function. So my comments were useless.... oops

My Google stuff does require OAuth Authentication, whereas you're is using 2-legged, which essentially doesn't.

All of this i'm sure you have figured out. So as you have do the HMAC-SHA1 encryption of URL/POST and it should work

Regards
Bill

[Stu]

Heya Bill,

Yeah, it was the actual encrypting of the secret that I was missing. My first instinct was to just whack the secret in as it is. Bad mojo!

[Stu]

Haven't managed to get this solved yet.

The problem seems to be getting a HMAC hash of  the "Secret" value.

Currently am trying to replicate the examples here (http://en.wikipedia.org/wiki/Hash-based_message_authentication_code#Examples_of_HMAC_.28MD5.2C_SHA1.2C_SHA256.29), so that I can know that I'm getting the right HMAC hash result.

[kevin plummer]

Stu did you ever get this working? I'm doing some research on OAuth as I want to connect with "Xero" and came across your post. Inspecting your code I noticed your nonce and timestamp were not formatted but I'm sure you already figured that out. Any pointers welcome...

[Stu]

Hi Kevin,

1. Formatted? Yowza .. Didn't even occur to me. Stupid brain.

2. Haven't gotten 2-legged going yet. Taken the first step and gotten a simple oauth working in our Gmail contextual gadget.

Next section of work will require me to get the 2-legged going, so I'm hoping to get into it soon (hopefully before, but probably after new years).

P.S. Early next year I'll be integrating with Xero also! We should trade notes.