shindig-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davies,Douglas" <davi...@oclc.org>
Subject Re: OAuth2 and Google Service Account
Date Thu, 21 May 2015 14:20:15 GMT
Try usesAuthorizationHeader = false and usesUrlParameter = true.

doug


On May 20, 2015, at 6:58 PM, Dan Hoffman <dan@cranestylelabs.com> wrote:

> Hello!
> 
> I'm trying to create a gadget that will show data from my Google Analytics
> account. Since I own the data, not the user, it doesn't make sense to ask
> the user for permission. I created a Service Account (which lets me make
> requests as my app instead of as a user) and am trying to implement a
> client_credentials flow.
> 
> I'm running shindig 2.5.2.
> 
> When I set up the service account, I got a client ID, client email address,
> and a JSON key file. I could also get a P12 key if that makes a difference.
> 
> My goal is to have shindig handle the OAuth2 stuff and let my gadget grab
> analytics data from my account without having to ask for any credentials.
> Is this even possible? If so, how do I set it up? Are my oauth2,json
> settings incorrect? I assume I'm supposed to put the key file somewhere
> where shindig can access it, but I don't know where, or how to tell shindig
> where to find it.
> 
> With my current settings, I get an authentication_problem error with the
> explanation "The authentication headers could not be added to the request".
> 
> I've been banging my head against this for days, so any help you could
> provide would be much appreciated!
> 
> Thanks,
> Dan
> 
> Here are the relevant pieces of my oauth2.json file:
> 
> {
>   "gadgetBindings" : {
>      "http://localhost:8080/opensocial-apps/PersonalStats.xml" : {
>         "googleAPI" : {
>            "clientName"          : "googleApi_personalStats",
>            "allowModuleOverride" : "true"
>         }
>      }
>   },
>   "clients" : {
>      "googleApi_personalStats" : {
>         "providerName"  : "googleAPI",
>         "type"          : "confidential",
>         "grant_type"    : "client_credentials",
>         "client_id"     : "MY_CLIENT_ID",
>         "client_secret" : "I_DO_NOT_HAVE_ONE"
>      }
>   },
>   "providers" : {
>      "googleAPI" : {
>        "client_authentication" : "STANDARD",
>        "usesAuthorizationHeader" : "true",
>        "usesUrlParameter" : "true",
>        "endpoints" : {
>            "authorizationUrl"  : "https://accounts.google.com/o/oauth2/auth
> ",
>            "tokenUrl"          : "
> https://accounts.google.com/o/oauth2/token"
>        }
>      }
>   }
> }
> 
> The JSON key file that looks like this:
> 
> {
>  "private_key_id": "KEY_ID_STRING",
>  "private_key": "-----BEGIN PRIVATE KEY-----\nSOME_BIG_LONG_KEY\n-----END
> PRIVATE KEY-----\n",
>  "client_email": "CLIENT_ID_STRING@developer.gserviceaccount.com",
>  "client_id": "CLIENT_ID_STRING.apps.googleusercontent.com",
>  "type": "service_account"
> }
> 
> And here's the full error:
> 
> *code:*authentication_problem
> *uri:*
> *description:*org.apache.shindig.gadgets.oauth2.OAuth2Request encountered
> an error : The client authentication is being added : can't handle error
> response code 400 , ,
> *explanation:*The authentication headers could not be added to the request.
> *trace:*



Mime
View raw message