I've been spending the last few days banging my head against the wall on supporting the ability to add a contact to the Google Contacts API in my Rails 3 application. Despite many false starts, I've finally made some progress by employing the Ruby OAuth gem, and following the tutorial here: http://everburning.com/news/google-analytics-oauth-and-ruby-oh-my/
When I follow this in the console, I get further than I do in my Rails app. I can create an access token, authenticate against Google's service with the specific scope of the Contacts API, and apply the oauth_verifier token to get an access token. But when it comes time to push the data, I get this error:
response = at.post("https://www.google.com/m8/feeds/contacts/default/full", gdata)
=> #<Net::HTTPUnauthorized 401 Unknown authorization header readbody=true>
Where does the "readbody=true" header come from, and how would I get rid of it?
But it's worse in the Rails app. I have one controller action ("googlecontacts") that creates the request token and leads the user to the authentication site with Google:
def googlecontacts
#card = Card.find_by_short_link(params[:id])
#consumer = OAuth::Consumer.new(
'anonymous',
'anonymous',
{
:site => 'https://www.google.com',
:request_token_path => '/accounts/OAuthGetRequestToken',
:access_token_path => '/accounts/OAuthGetAccessToken',
:authorize_path => '/accounts/OAuthAuthorizeToken',
:signature_method => 'HMAC-SHA1',
:oauth_version => '1.0'
})
#request_token = #consumer.get_request_token(
{:oauth_callback => 'http://monkey.dev/cards/google_auth?redir='+#card.short_link},
{:scope => "https://www.google.com/m8/feeds/"}
)
session[:request_token] = #request_token
redirect_to #request_token.authorize_url
end
This appears to work; I get a working request token object, and the user is forwarded to the Google service to authenticate. The callback URL ("google_auth") should take the oauth_verifier token to create an access token. Here's the beginning of the controller:
def google_auth
#access_token = session[:request_token].get_access_token(:oauth_verifier=>params[:oauth_verifier])
And here's where it craps out. The error on that last line is:
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occurred while evaluating nil.[]
But the values that are in there -- the session[:request_token] and the params[:oauth_verifier] -- are present and accounted for in that action! I can't figure out what is nil here.
So I guess I need to figure out this second problem first, but bonus points for answering the first problem as well. :-)
Thanks for reading.
Aaron.
Try setting/getting the session data with a string not symbol, i.e. session["request_token"], not session[:request_token]. I know I've had that issue before in the past.
Unknown authorization header typically means that your signature didn't match what you sent. I do not recommend the oauth gem. It's full of bugs and weird issues and it doesn't properly escape certain parameters.
The Signet gem is the officially supported gem for accessing Google APIs in Ruby.
Here's how you'd implement this with Signet:
require 'signet/oauth_1/client'
require 'addressable/uri'
card = Card.find_by_short_link(params[:id])
callback = Addressable::URI.parse('http://monkey.dev/cards/google_auth')
callback.query_values = {'redir' => card.short_link}
client = Signet::OAuth1::Client.new(
:temporary_credential_uri =>
'https://www.google.com/accounts/OAuthGetRequestToken',
:authorization_uri =>
'https://www.google.com/accounts/OAuthAuthorizeToken',
:token_credential_uri =>
'https://www.google.com/accounts/OAuthGetAccessToken',
:client_credential_key => 'anonymous',
:client_credential_secret => 'anonymous',
:callback => callback
)
session[:temporary_credential] = (
client.fetch_temporary_credential!(:additional_parameters => {
:scope => 'https://www.google.com/m8/feeds/'
})
)
redirect_to(client.authorization_uri)
Related
I am stuck / block on this point, I keep on having this error message 'Code was already redeemed'
3 steps :
Getting the authorization URL (SignetLogin)
Calling it and retrieving the authorization code (SignetAuth)
Getting the refresh token and calling google API (SignetInsert)
When I try to use the API I always get this error message : Code was already redeemed'.
I ask for some help, what's wrong and where can I find some tips about it ? What did I missed ?
Thanks - Gregoire
def SignetLogin
auth = Signet::OAuth2::Client.new(
:authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
:scope => 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar',
# :state => 'useful_dynamic_string', # What is that ?
:redirect_uri => 'http://localhost:3000/auth/google_oauth2/callback',
:client_id => $client_id,
:client_secret => $client_secret
)
redirect_to auth.authorization_uri.to_s
end
def SignetAuth
$code = request['code']
auth = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:redirect_uri => 'http://localhost:3000/SignetInsert',
:client_id => $client_id,
:client_secret => $client_secret,
:code => request['code']
)
end
def SignetInsert
auth = Signet::OAuth2::Client.new(
token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
redirect_uri: 'http://localhost:3000/',
# redirect_uri: 'http://localhost:3000/auth/google_oauth2/callback',
:client_id => $client_id,
:client_secret => $client_secret,
:code => $code
)
# puts auth.fetch_access_token!
calendar = Google::Apis::CalendarV3::CalendarService.new
calendar.authorization = auth
calendar_id = 'primary'
#result = calendar.list_events(calendar_id,
max_results: 10,
single_events: true,
order_by: 'startTime',
time_min: Time.now.iso8601)
end
I cant help you much with ruby but i can tell you what "Code was already redeemed' means.
When you authenticate to Google there are three steps.
User is shown a consent form
Assuming the user accepted consent an authentication code is returned to the calling client application.
The calling client exchanges the authentication code for an access token and sometimes a refresh token.
The access token can then be used to access the API. Access tokens expire after an hour and you can use a Refresh token to request a new access token.
The authentication code that you get back as part of the auth flow can only be used once to get the access token and refresh token. "Code was already redeemed' means that you are trying to use a code you have already used.
Like i said i dont know much about ruby but this might help google apis ruby client
Thanks all for your tips and answers, you gave me the way !
It's not that easy, but I did it, with your help, thanks again
So, the answer is multiple :
1/ The refresh token is not served every time, only the first time, this url allow you to dis-authorize your app and have it again in the answer
2/ this article gave some tips on how to start but definitivly down't give you the 'right' way 2
3/ As far as I understood, using a 'clean' request (see step 1)
$auth = Signet::OAuth2::Client.new and you retrieve an authorization_uri, you redirect to (don't forget to_s)
Google display it's form, asking for authorization
- Google redirect the user on your server, you retrieve the access_token and the refresh_token THE FIRST TIME ONLY (see step 1 to de-authorize and having again your refresh_token
-
and, because you (or I) just can't guess it :
$auth.code = request['code']
$auth.grant_type = 'authorization_code'
$token = $auth.fetch_access_token!
you can use your token and so on
it's not that easy but I hope facebook will not be too different
I could successfully push events into Google calendar using the below mentioned code. The below controller code refreshes token every time I try to push events. It's working fine.
class Add2gcalendarController < ApplicationController
before_filter :authenticate_user!
def push
event = {'summary' => 'Appointment','location' => 'Somewhere','start' => {'dateTime' => '2014-06-03T10:00:00.000-07:00'},'end' => {'dateTime' => '2014-06-03T10:25:00.000-07:00'}}
client = Google::APIClient.new
client.authorization.client_id =ENV["GOOGLE_KEY"]
client.authorization.client_secret = ENV["GOOGLE_SECRET"]
client.authorization.grant_type = 'refresh_token'
client.authorization.refresh_token = saved_refresh_token
client.authorization.fetch_access_token!
service = client.discovered_api('calendar', 'v3')
#result = client.execute(
:api_method => service.events.insert,
:parameters => {'calendarId' => 'primary'},
:body => JSON.dump(event), # where cal is the object containing at least "summary".
:headers => {'Content-Type' => 'application/json'})
end
My questions:
Is it a good practice to refresh token every-time i try to push events,irrespective of whether the token got expired or not?
Was there a limit on generating access tokens using refresh token?
There's really no reason to force refresh of the access token if it's not expired. Doing so is inefficient for your app (user has to wait for another HTTP call) and, taken to an extreme (refreshing constantly or for every single API call) can result in 5xx errors from Google.
If the ruby on rails library is handling refresh for you automatically I'd recommend just letting it handle the refresh for you entirely. The libraries generally are written by Googlers who know best practice of OAuth handling.
I got access for the user using twitter_auth gem. Here is the code for that.
def twitter
client = TwitterOAuth::Client.new(
:consumer_key => '******',
:consumer_secret => '********'
)
request_token = client.request_token(:oauth_callback => new_user_url)
session[:request_token] = request_token
redirect_to request_token.authorize_url
end
def new
client = TwitterOAuth::Client.new(
:consumer_key => '*****',
:consumer_secret => '******'
)
access_token = client.authorize(
session[:request_token].token,
session[:request_token].secret,
:oauth_verifier => params[:oauth_verifier]
)
#For testing purpose, i tried posting a status and its working perfectly fine
client.update('I am authorized')
end
I am confused in using twitter gem cause every example from the docs says:
Twitter.user("sferik").location // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
From friends and followers
Twitter.accept("sferik") // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
Twitter.follow("sferik") // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
All these errors makes sense, cause we are applying these methods on Class not an object. But how to create an object for this. I have a authorized user but how to take actions on his profile using token we got.
Use client instead of Twitter.
You can see here how you should do it.
I'm having some problem setting up an oauth provider with two-legged authentication.
I'm using the oauth-plugin gem and the oauth gem, everything works fine except for my "update" requests. The signature verification process keeps failing.
Here is what I'm doing:
In the client, I'm using
oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => #api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "testemail#mysite.com"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")
get, post and delete all go through authentication fine, but update fails.
On the server side, I have my ClientApplication class set up
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
value = signature.verify
value
rescue OAuth::Signature::UnknownSignatureMethod => e
false
end
end
signature.verify fails on my update requests and passes on the other 3 requests. Anybody know what's happening?
Turns out the problem is with passing the params through the body.
I moved the params into the url with Addressable/uri, and that fixed the problem.
It's gonna be a little limiting in terms of length, but ok for now.
I am using OAuth-Ruby to do an OAuth authentication with a Tumblr application. I am able to write code that progresses through the various steps of OAuth, but I cannot get an access token or actually make a request. I can get a request key, redirect the user to Tumblr to authenticate and grant access, and receive an authenticated request key. But I can't get any farther than that.
I have registered my Tumblr application; let's assume for this question that it has provided me with the following keys:
OAuth Consumer Key: #oauth_consumer_key
Secret Key: #secret_key
(I have actual values, but I am keeping them concealed here for obvious reasons.)
I am running the following code within a controller that runs when the user submits a form, which form stores information in the #tumblog variable:
#0. provided when registering application
#key = #oauth_consumer_key
#secret = #secret_key
#site = 'http://www.tumblr.com'
#consumer = OAuth::Consumer.new(#key, #secret,
{ :site => #site,
:request_token_path => '/oauth/request_token',
:authorize_path => '/oauth/authorize',
:access_token_path => '/oauth/access_token',
:http_method => :post } )
if #consumer
#1. get a request token
#request_token = #consumer.get_request_token;
session[:request_token] = #request_token
session[:tumblog] = #tumblog
#2. have the user authorize
redirect_to #request_token.authorize_url
else
flash[:error] = "Failed to acquire request token from Tumblr."
render 'new'
end
This code gets me to the right page at Tumblr, where the user grants or denies my application access to the user's account. Assuming the user grants access, Tumblr redirects back to my application, to a callback I provided when I registered the application with Tumblr. To that point, everything works beautifully.
My OAuth callback runs the following code in the controller:
if params[:oauth_token] && params[:oauth_verifier]
#tumblog = session[:tumblog]
#request_token = session[:request_token]
#3. get an access token
#access_token = #request_token.get_access_token
. . . .
end
At Step 3, there is a problem. I cannot seem to actually get an access token with the line:
#access_token = #request_token.get_access_token
Can someone tell me what I need to do to get the access token? When I run that line, I get a OAuth::Unauthorized error.
I truly appreciate any advice. I've been Googling and trying different things for multiple days. Thanks!
i use Pelle's oauth plugin and modified it a little to support xauth like this :
require 'rubygems'
require 'oauth'
CONSUMER_KEY = 'YOUR_CONSUMER_KEY'
CONSUMER_SECRET = 'YOUR_CONSUMER_SECRET'
consumer = OAuth::Consumer.new(CONSUMER_KEY, CONSUMER_SECRET, :site => 'https://www.tumblr.com/oauth/access_token')
access_token = consumer.get_access_token(nil, {}, { :x_auth_mode => 'client_auth',
:x_auth_username => "some#email.com",
:x_auth_password => "password"})
tumblr_credentials = access_token.get('http://www.tumblr.com/api/authenticate')
puts access_token
puts access_token.token
puts access_token.secret
puts tumblr_credentials.body