Authenticating for Google and GData

By On · Add Comment

Making changes to your data and accessing private data will require the passing of an authentication token with your requests. You need to make use of the AuthSub Interface to acquire a token.

Acquiring and manipulating tokens
The workflow of the AuthSub authentication process is nicely summarised by Google:
AuthSub workflow

AuthSubRequest - Request an authentication token

PLAIN TEXT
PHP:
  1. //Once the request is authenticated, AuthSub will redirect the user to this page.
  2. $callback_url = urlencode('<a href="http://www.mysite.com/calendar.php" class="linkification-ext" title="Linkification: http://www.mysite.com/calendar.php">http://www.mysite.com/calendar.php</a>');
  3. //Indicate for which objects or scope you wish to be authenticated for
  4. $scope = urlencode('<a href="http://www.google.com/calendar/feeds/yourgoogleacct%40gmail.com/private/full" class="linkification-ext" title="Linkification: http://www.google.com/calendar/feeds/yourgoogleacct%40gmail.com/private/full">http://www.google.com/calendar/feeds/yourgoogleacct%40gmail.com/private/full</a>');
  5. //Set to 1 if you have a registered application and wish to issue a secure token
  6. $secure = 0;
  7. //1 - the one-time-use token may be exchanged for a session token; 0 - cannot be exchanged
  8. $session = 1;
  9.  
  10. //Call the URL:
  11. $url = "<a href="https://www.google.com/accounts/AuthSubRequest?next=$callback_url&amp;scope=$scope&amp;secure=$secure&amp;session=$session" class="linkification-ext" title="Linkification: https://www.google.com/accounts/AuthSubRequest?next=$callback_url&amp;scope=$scope&amp;secure=$secure&amp;session=$session">https://www.google.com/accounts/AuthSubRequest?next=$callback_url&amp;scope=$scope&amp;secure=$secure&amp;session=$session</a>");
  12. header('Location: ' . $url);

The user will be taken to a login screen hosted on Google's end, where they will have to provide their credentials. If successful, they will be redirected back to the callback URL with a 'token' parameter in the URL's query string.

PLAIN TEXT
PHP:
  1. $authsub_token = $_GET['token'];

AuthSubSessionToken - acquire a session token
The token returned above is for one-time-use. If you are going to be making multiple token requests, it is more efficient to convert the one-time-use token to a long-lived session token.

Call AuthSubSessionToken using an HTTP GET request to https://www.google.com/accounts/AuthSubSessionToken. The request must also contain an Authorization header.

PLAIN TEXT
PHP:
  1. header('Authorization: AuthSub token="' . $token . '"');

If the request is successful, Google responds with an HTTP 200 message. The response header will contain the token in the form
Token=ASDF...8976

AuthSubTokenInfo - check the status of a given token
You can check on the status of a token by making an HTTP GET request to https://www.google.com/accounts/AuthSubTokenInfo. The request must also contain an Authorization header.

PLAIN TEXT
PHP:
  1. header('Authorization: AuthSub token="' . $token . '"');

The successful HTTP 200 response will give you 3 pieces of key information:


Target=http://www.mysite.com
Scope=http://www.google.com/calendar/feeds/yourgoogleacct%40gmail.com/private/full
Secure=true

AuthSubRevokeToken - revoke an active token
At the time of writing, session tokens do not have an expiration time. There may be cases (e.g. security has been compromised, user no longer wishes to use your service) where you wish to revoke a token.

Make an HTTP GET request to https://www.google.com/accounts/AuthSubRevokeToken. The request must also contain an Authorization header.

PLAIN TEXT
PHP:
  1. header('Authorization: AuthSub token="' . $token . '"');

If the request is successful you will receive an HTTP 200 message.

Things to keep in mind
At the time of writing, Google will only issue 10 session tokens per site per scope. This means you should keep track of, via a database, your users' tokens. They can be re-used each time the user logs in to your application. If you do not wish to store your users' tokens, and wish them to reauthenticate with Google each time they visit your application, be sure to revoke the tokens whenever they log our or if there is a period of inactivity.

Using the Zend Framework

More comprehensive examples and explanations are available here.

AuthSubRequest

PLAIN TEXT
PHP:
  1. $scope = 'http://www.google.com/calendar/feeds/yourgoogleacct%40gmail.com/private/full';
  2. $callback_url = urlencode('http://www.mysite.com/calendar.php');
  3. $secure = 0;
  4. $session = 1;
  5.  
  6. $googleURI = Zend_Gdata_AuthSub::getAuthSubTokenUri($callback_url, $scope, $secure, $session);
  7.  
  8. echo "<a href=\"$googleURI\">Click here to authorise this application to access your calendar</a>";

AuthSubToken

PLAIN TEXT
PHP:
  1. $session_token = Zend_Gdata_AuthSub::getAuthSubSessionToken($token);

Making use of your token

PLAIN TEXT
PHP:
  1. //Once you have the token you can create an authenticated HTTP Client to communicate with Google
  2. $client = Zend_Gdata_AuthSub::getHttpClient($token);
  3.  
  4. //Create a Gdata object using the authenticated client
  5. $cal = new Zend_Gdata_Calendar($client);

AuthSubRevokeToken

PLAIN TEXT
PHP:
  1. Zend_Gdata_AuthSub::AuthSubRevokeToken($token);

Share
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>