Return-Path: X-Original-To: apmail-shindig-users-archive@minotaur.apache.org Delivered-To: apmail-shindig-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A4C8917A91 for ; Wed, 20 May 2015 22:59:01 +0000 (UTC) Received: (qmail 60585 invoked by uid 500); 20 May 2015 22:59:01 -0000 Delivered-To: apmail-shindig-users-archive@shindig.apache.org Received: (qmail 60544 invoked by uid 500); 20 May 2015 22:59:01 -0000 Mailing-List: contact users-help@shindig.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@shindig.apache.org Delivered-To: mailing list users@shindig.apache.org Received: (qmail 60533 invoked by uid 99); 20 May 2015 22:59:01 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 May 2015 22:59:01 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id A7E81C700F for ; Wed, 20 May 2015 22:59:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 4.002 X-Spam-Level: **** X-Spam-Status: No, score=4.002 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=3, KAM_LAZY_DOMAIN_SECURITY=1, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id wNaUTUsBz6pf for ; Wed, 20 May 2015 22:58:51 +0000 (UTC) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 94BA1256F3 for ; Wed, 20 May 2015 22:58:50 +0000 (UTC) Received: by lbcmx3 with SMTP id mx3so5515633lbc.1 for ; Wed, 20 May 2015 15:58:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=6aUVGWq7DeWObq8O0k/hk8SOtEVnisceOYn2zt/g4QA=; b=BtUyM67HDMT05AZEMHtzA48p8n25XY5g9YlI2r8B53PPX+Y19YYEnbGz9RMbZAsY2T yRq0leT9Bm1VUlcVauJGGN2Lj8v8scHLFRuccEutIAzetB2er8A8fCXTKUt19KJqjzrQ T0lkNj6KPKcODn7qOYmvpnKO2KBmhh496691Lb3t2W4P7nX+euC/9iLoQzsFABrH/Hp5 odB1wcM7ois/7A3Afo8D6uGRuwcA/MoP0CLhIpk38UoZf/+T1ipMi2ZexpR4XTn0q/ew flKFY0MJVB/W5t6tMIhGkaolFfPS1v3B1rb73rcJ3nF7MAHdxWn/jxTeLiFs0ldvqsk4 Y4ag== X-Gm-Message-State: ALoCoQkN7xe369EroIDa63+ieDzjgzOvCnBhyCGyRbK2VM8InWeXLJyZpg7/91NLUIApY/YDNBFw MIME-Version: 1.0 X-Received: by 10.152.20.200 with SMTP id p8mr18140689lae.69.1432162724264; Wed, 20 May 2015 15:58:44 -0700 (PDT) Received: by 10.114.255.132 with HTTP; Wed, 20 May 2015 15:58:44 -0700 (PDT) Date: Wed, 20 May 2015 15:58:44 -0700 Message-ID: Subject: OAuth2 and Google Service Account From: Dan Hoffman To: users@shindig.apache.org Content-Type: multipart/alternative; boundary=089e01493de870d31805168b5e77 --089e01493de870d31805168b5e77 Content-Type: text/plain; charset=UTF-8 Hello! I'm trying to create a gadget that will show data from my Google Analytics account. Since I own the data, not the user, it doesn't make sense to ask the user for permission. I created a Service Account (which lets me make requests as my app instead of as a user) and am trying to implement a client_credentials flow. I'm running shindig 2.5.2. When I set up the service account, I got a client ID, client email address, and a JSON key file. I could also get a P12 key if that makes a difference. My goal is to have shindig handle the OAuth2 stuff and let my gadget grab analytics data from my account without having to ask for any credentials. Is this even possible? If so, how do I set it up? Are my oauth2,json settings incorrect? I assume I'm supposed to put the key file somewhere where shindig can access it, but I don't know where, or how to tell shindig where to find it. With my current settings, I get an authentication_problem error with the explanation "The authentication headers could not be added to the request". I've been banging my head against this for days, so any help you could provide would be much appreciated! Thanks, Dan Here are the relevant pieces of my oauth2.json file: { "gadgetBindings" : { "http://localhost:8080/opensocial-apps/PersonalStats.xml" : { "googleAPI" : { "clientName" : "googleApi_personalStats", "allowModuleOverride" : "true" } } }, "clients" : { "googleApi_personalStats" : { "providerName" : "googleAPI", "type" : "confidential", "grant_type" : "client_credentials", "client_id" : "MY_CLIENT_ID", "client_secret" : "I_DO_NOT_HAVE_ONE" } }, "providers" : { "googleAPI" : { "client_authentication" : "STANDARD", "usesAuthorizationHeader" : "true", "usesUrlParameter" : "true", "endpoints" : { "authorizationUrl" : "https://accounts.google.com/o/oauth2/auth ", "tokenUrl" : " https://accounts.google.com/o/oauth2/token" } } } } The JSON key file that looks like this: { "private_key_id": "KEY_ID_STRING", "private_key": "-----BEGIN PRIVATE KEY-----\nSOME_BIG_LONG_KEY\n-----END PRIVATE KEY-----\n", "client_email": "CLIENT_ID_STRING@developer.gserviceaccount.com", "client_id": "CLIENT_ID_STRING.apps.googleusercontent.com", "type": "service_account" } And here's the full error: *code:*authentication_problem *uri:* *description:*org.apache.shindig.gadgets.oauth2.OAuth2Request encountered an error : The client authentication is being added : can't handle error response code 400 , , *explanation:*The authentication headers could not be added to the request. *trace:* --089e01493de870d31805168b5e77--