Support for OAuth

[GoogleCodeExporter]

A feature request here.

I have a multiple user scenario, from an installed application and as such 
require access to all GData 
APIs from any user without any user interaction.  So this is a feature request 
for OAuth.  Are there 
any plans, and if so is there any estimated timescale?  Thanks.

Original issue reported on code.google.com by snae....@gmail.com on 22 Nov 2008 at 10:08

[GoogleCodeExporter]

So, in general, you can do this already. It's not as pretty, but here is how it 
should be already working:

a) get the .NET OAuth libraries from the OAuth web site
b) use them to get your token
c) use the GDataRequest Factory object to create a custom header for your 
requests where you pass in that 
oauth token.

That SHOULD work. 

I have plans to add more elegant support for Oauth, but that won't happen 
before christmas i guess....

Frank Mantek
Google

Original comment by fman...@gmail.com on 22 Nov 2008 at 10:23

• Changed state: Accepted

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

This approach does work Frank, although the OAuth library needed a 
modification. It
also looks like I will have to implement a proper request factory so that
redirections and the like get dealt with properly.

A note on the OAuth code: the xoauth_requestor_id param (and other params I 
assume)
need URL encoding whilst building the base string and then everything gets URL
encoded when the string is complete. In the library available on oauth.net they 
are
not encoded when building the base string. One further bug is in the timestamp
generation code, where, by default it would return fractions of seconds. An 
integer
is required and so the fractions must be removed. Either of these would cause
authentication to fail for a request.

Original comment by snae....@gmail.com on 22 Nov 2008 at 9:02

[GoogleCodeExporter]

And just one last further comment - I have put together a request factory with 
the appropriate EnsureCredentials 
which also deals with redirections etc. (tested by looking at some of the 
calendar feeds which always seem to 
redirect) and all works well.  It does end up reasonably elegant: you have to 
set the key and secret within the 
request factory, but also need to ensure that the Uri used for requests has the 
correct xoauth_requestor_id 
query appended to it (using an extended Uri class, which has to be done in user 
code - which is not so great).

If you would like any of this feeding back to you, please let me know.

Original comment by snae....@gmail.com on 23 Nov 2008 at 12:11

[GoogleCodeExporter]

That is the code i wanted to write :) So if you are willing to create a patch 
file for me and go here first:

http://code.google.com/legal/individual-cla-v1.0.html

I would appreciate it.

Frank

Original comment by fman...@gmail.com on 23 Nov 2008 at 12:36

[GoogleCodeExporter]

OK, no problem - I have completed the cla and will get back to you as soon as I 
have
the response from Google.

Andy

Original comment by snae....@gmail.com on 24 Nov 2008 at 4:16

[GoogleCodeExporter]

This is checked in. 

Original comment by fman...@gmail.com on 26 Nov 2008 at 8:09

• Changed state: Fixed
• Added labels: Type-Enhancement