shindig-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Hoffman <...@cranestylelabs.com>
Subject OAuth2 and Google Service Account
Date Wed, 20 May 2015 22:58:44 GMT
Hello!

I'm trying to create a gadget that will show data from my Google Analytics
account. Since I own the data, not the user, it doesn't make sense to ask
the user for permission. I created a Service Account (which lets me make
requests as my app instead of as a user) and am trying to implement a
client_credentials flow.

I'm running shindig 2.5.2.

When I set up the service account, I got a client ID, client email address,
and a JSON key file. I could also get a P12 key if that makes a difference.

My goal is to have shindig handle the OAuth2 stuff and let my gadget grab
analytics data from my account without having to ask for any credentials.
Is this even possible? If so, how do I set it up? Are my oauth2,json
settings incorrect? I assume I'm supposed to put the key file somewhere
where shindig can access it, but I don't know where, or how to tell shindig
where to find it.

With my current settings, I get an authentication_problem error with the
explanation "The authentication headers could not be added to the request".

I've been banging my head against this for days, so any help you could
provide would be much appreciated!

Thanks,
Dan

Here are the relevant pieces of my oauth2.json file:

{
   "gadgetBindings" : {
      "http://localhost:8080/opensocial-apps/PersonalStats.xml" : {
         "googleAPI" : {
            "clientName"          : "googleApi_personalStats",
            "allowModuleOverride" : "true"
         }
      }
   },
   "clients" : {
      "googleApi_personalStats" : {
         "providerName"  : "googleAPI",
         "type"          : "confidential",
         "grant_type"    : "client_credentials",
         "client_id"     : "MY_CLIENT_ID",
         "client_secret" : "I_DO_NOT_HAVE_ONE"
      }
   },
   "providers" : {
      "googleAPI" : {
        "client_authentication" : "STANDARD",
        "usesAuthorizationHeader" : "true",
        "usesUrlParameter" : "true",
        "endpoints" : {
            "authorizationUrl"  : "https://accounts.google.com/o/oauth2/auth
",
            "tokenUrl"          : "
https://accounts.google.com/o/oauth2/token"
        }
      }
   }
}

The JSON key file that looks like this:

{
  "private_key_id": "KEY_ID_STRING",
  "private_key": "-----BEGIN PRIVATE KEY-----\nSOME_BIG_LONG_KEY\n-----END
PRIVATE KEY-----\n",
  "client_email": "CLIENT_ID_STRING@developer.gserviceaccount.com",
  "client_id": "CLIENT_ID_STRING.apps.googleusercontent.com",
  "type": "service_account"
}

And here's the full error:

*code:*authentication_problem
*uri:*
*description:*org.apache.shindig.gadgets.oauth2.OAuth2Request encountered
an error : The client authentication is being added : can't handle error
response code 400 , ,
*explanation:*The authentication headers could not be added to the request.
*trace:*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message