Announcement Announcement Module
Collapse
No announcement yet.
Using Google API (with spring-security-oauth2.0) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using Google API (with spring-security-oauth2.0)

    Dave,
    I've searched the web (specially in Google's) but could not find an answer to my issue; I thought maybe you can throw some light on...

    I want to use Google APIs, and I use oAuth client implementation of spring-sec-oAuth 2.0 (1.0.0.RC2a). After properly setting the xml (see below), I happily get a valid token and all looks good. Then, I want to use Calendar APIs (just for example).

    My (relevant) settings: (spring-servlet.xml)

    Code:
    <!--apply the oauth client context-->
    <oauth:client   id="oauth2ClientFilter" />
    
    <oauth:resource id="google" 
        type="authorization_code" 
        client-id="<my client id>" 
        client-secret="<my client secret>"
        access-token-uri="https://accounts.google.com/o/oauth2/token" 
        user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
        scope="https://www.googleapis.com/auth/calendar"
        client-authentication-scheme="form"
        pre-established-redirect-uri="https://ohad.sealdoc.com/oauth2-client/hello" />
    
    <bean id="googleClientService" class="com...GoogleClientServiceImpl">
        <property name="butkeDemoRestTemplate">
            <oauth:rest-template resource="google" />
        </property>
    and the implementation class:

    Code:
    public class GoogleClientServiceImpl implements DemoService 
    {
        private RestOperations butkeDemoRestTemplate;
    
        @Override
        public String getTrustedMessage() 
        {
            String dataUri = "https://www.googleapis.com/calendar/v3/users/me/calendarList?minAccessRole=reader";
    
            Calendar service = butkeDemoRestTemplate.getForObject(dataUri, Calendar.class);
            return ...;
        }
    
    }
    Doing so ends up with:

    Request processing failed; nested exception is error="invalid_request", error_description="{errors=[{domain=usageLimits, reason=accessNotConfigured, message=Access Not Configured}], code=403, message=Access Not Configured}"

    Summary: Getting the token works, but when I try to use the API call - using OAuth2RestTemplate - it fails. When I debug I see that OAuth2RestTemplate makes the call correctly (URL is correct and it puts the token in the header) yet the call fails. Interestingly, when I try to use a REST-Client and invoke the "same" call (the URL is the same, https://www.googleapis.com/calendar/...e/calendarList, and I add a single param to the header "Authorization: Bearer ya29.AHES6ZQmzrkxxxxx....") - it works! so am I missing something here concerning OAuth2RestTemplate? Obviously something is going wrong there...

    any ideas?
    Last edited by OhadR; Nov 10th, 2012, 01:27 PM. Reason: fix: add param to the header, not to the token ...

  • #2
    I half remember that Google used to require client-authentication-scheme="form", but I don't think they do any more, and you might be finding that they are more compliant with the spec than they were before. Does the default authentication work?

    I add a single param to the token...
    I didn't understand that bit. You sent the correct data and it worked?

    Comment


    • #3
      Dave,

      I guess I was working too many hours on it, till too late... I've just figured out that I had to enable the specific service I want to use in the google-APIs.

      The Spring-oAuth works perfectly! (The drawback that I see now is that if I use Spring-oAuth in front of google-APIs, I cannot use their classes e.g. Calendar, CalendarList etc, but I have to send specific URLs each request)

      Comment


      • #4
        That is true. Spring OAuth is not supposed to be have knowledge of the remote API in business terms. It's just a RestTemplate. I suppose you might find the redirect/authentication model attractive, and if so you can always just use OAuth2RestOperations to extracdt an access token, and use that to initialize your Google native API calls.

        Comment

        Working...
        X