10 messages in com.googlegroups.bloggerdevRe: Using PHP and Curl to build a new...| From | Sent On | Attachments |
|---|---|---|
| cam...@gmail.com | 16 Feb 2007 00:01 | |
| Pete Hopkins ☠ | 16 Feb 2007 10:03 | |
| Pete Hopkins ☠ | 16 Feb 2007 10:05 | |
| cam...@gmail.com | 16 Feb 2007 11:41 | |
| cam...@gmail.com | 16 Feb 2007 12:11 | |
| Pete Hopkins ☠ | 16 Feb 2007 14:33 | |
| cam...@gmail.com | 16 Feb 2007 15:48 | |
| Pete Hopkins ☠ | 16 Feb 2007 18:21 | |
| cam...@gmail.com | 17 Feb 2007 19:33 | |
| cam...@gmail.com | 17 Feb 2007 20:39 |
| Subject: | Re: Using PHP and Curl to build a new Blogger client |
|---|---|
| From: | cam...@gmail.com (cam...@gmail.com) |
| Date: | 02/17/2007 08:39:24 PM |
| List: | com.googlegroups.bloggerdev |
hi .
I think I have realised what I am missing.
I just did a test with an insecure session token - which worked.
Further reading into AuthSub states that I need to 'sign' the token. ( I dont want warning signs on my web app)
http://code.google.com/apis/accounts/AuthForWebApps.html#signingrequests
Now I need to work out how on earth to generate something called a 'nonce'! And the 'sig' with php. I take it the private key it talks of is the long string block in the AuthSub.xml which I registered with?
thx
On Feb 17, 2:21 am, "Pete Hopkins ☠" <phop...@google.com> wrote:
I can't debug your code for you. But if you post a dump of the HTTP traffic to and from the Blogger servers, I may be able to tell you what's wrong.
-- Pete
On 2/16/07, cam...@gmail.com <cam...@gmail.com> wrote:
I have changed that, yet still no joy.
see the process running here: presenting you with a link to request AuthSub then list blogs.
(no data is being stored at all (yet), it is simply a test to obtain all the data I need to get eventually in order to get this working)
thanks
On Feb 16, 10:33 pm, "Pete Hopkins ☠" <phop...@google.com> wrote:
I am setting scope as http://www.blogger.com/feeds/default/blogs
Scope is wrong. Check the docs / this group. I think it should just
behttp://www.blogger.com/feeds
See the php source at
at the end..
thx
There may be a bug in our docs... try without the ""s around the token. (At least, that's how my test app sends the header. It may not matter.)
Also, what scope are you using when requesting the AuthSub token?
(And just to double-check, your web app is making a backend call to exchange the token it got from the redirect for a permanent token.)
You can also go to the My Account page for your Google Account and look at the list of tokens sent out. Make sure that that is reflecting your expectations.
-- Pete
Hi,
OK. So, I am finally getting around to upgrading my web-based php blogging system to support the new version, but I am running into problems with the steps required.
I have managed to acquire the right authentication from Google to get rid of the warning on the Grant/Deny authorization page, so start with.
1. So, I lead the user through logging in through their google account to allow my system to post to their account and I get an 'AuthSub' token back.
2. I now need to get a list of blogs run by this user, in order to obtain the blogID.
- I can see how to do this by GETting
http://www.blogger.com/feeds/default/blogs
and passing through my username and password using curl_setopt($ch,
CURLOPT_USERPWD, "$blogUser:$blogPass");
, for OLD accounts, (I get the metafeed back fine that way)
BUT how can I get this user's list of blogs without asking them for their username and password again (not in a google auth form) using this token??
I have tried adding the Authorization: AuthSub token="XXXX_thetoken_XXX" to the request using:
$authHead = Array(); $authHead['Authorization'] = "AuthSub token=\"" . $token . "\""; curl_setopt($ch, CURLOPT_HTTPHEADER, $authHead);
and I get a 401 error when I try to GET that feed list url
I have a strong feeling that I am doing something completely wrong. Could anyone please possibly shed any light?
the way I see it is:
1. User wants to set up an account to post to new Blogger 2. We provide the link to the Login/Grant-Deny page from Google 3. The user logs into their Google Account - if not already 4. User grants or denies access to their Account from our system - *Granted* 5. User finds themself back on our page, with an AuthSub 'token'
6. We then need to get a list of their blogs, using this token somehow (I imagine) - without needing to get ask them for any more blogger/ google login details
7. User chooses one from the list (as was possible with the previous verison) and we store their blogID and token.
then I'm guessing our system can use the user's blogID and token to post to their blog? Am I right in saying I do not have to store the users username and password ever, to post to a blog?
The docs really don't make it that clear.
Many thanks Camoby