Secure AuthSub using the Zend PHP library 1.6+


After uploading a public certificate to https://www.google.com/accounts/ManageDomains, here's how to use the Zend PHP 1.6+ library to work with secure AuthSub. This example uses the Google Health Data API:
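<?php
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_AuthSub');
Zend_Loader::loadClass('Zend_Gdata_HttpClient');
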
function setupClient($singleUseToken = null) { 
  $client = null;  

  // Fetch a new AuthSub token?
  if (!$singleUseToken) {
    $next = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
    $scope = 'https://www.google.com/health/feeds';
    $authSubHandler = 'https://www.google.com/health/authsub';    
    $secure = 1;
    $session = 1;
    $permission = 1;  // 1 - allows posting notices && allows reading profile data
    $authSubURL =  Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session, $authSubHandler);
    
    $authSubURL .= '&permission=' . $permission;
    
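    // Escape for the HTML attribute: $next is built from request-supplied values
    echo '<a href="' . htmlspecialchars($authSubURL, ENT_QUOTES) . '">Link your Google Health Account</a>';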
  } else {
    $client = new Zend_Gdata_HttpClient();
    
    // This sets your private key to be used to sign subsequent requests
    $client->setAuthSubPrivateKeyFile('/path/to/myrsakey.pem', null, true);

    $sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken(trim($singleUseToken), $client);
    // Set the long-lived session token for subsequent requests
    $client->setAuthSubToken($sessionToken);
  }
  return $client;
}
?>
Use this function like this:
$client = setupClient(isset($_GET['token']) ? $_GET['token'] : null);
if ($client) {
  // Query a feed
} else {
  exit(); // Just display the AuthSub link
}

Update: Read the new documentation on using AuthSub for PHP as well as all the other client libraries.
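What the private key is used for, as an added example (not code from the original post or from the Zend library): with secure AuthSub, each request carries an Authorization header whose data string (method, URL, timestamp, nonce) is signed with RSA-SHA1. The key pair is a throwaway generated in memory, the token and feed URL are constructed samples, and the function names are hypothetical; it assumes PHP 7+ on a 64-bit build with the openssl extension.

```php
<?php
// Added example: build and verify a secure AuthSub Authorization header.
// The key pair, token and feed URL are constructed for this demo.

function signAuthSubRequest($method, $url, $token, $privateKey)
{
    // A timestamp plus a random 64-bit unsigned nonce (decimal) limits replay.
    $nonce = sprintf('%u', unpack('J', random_bytes(8))[1]);
    $data  = $method . ' ' . $url . ' ' . time() . ' ' . $nonce;

    if (!openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('Signing failed: ' . openssl_error_string());
    }
    return sprintf('AuthSub token="%s" data="%s" sig="%s" sigalg="rsa-sha1"',
        $token, $data, base64_encode($signature));
}

// Receiver's view: recover data and sig, then verify with the public key.
function verifyAuthSubHeader($header, $publicKeyPem)
{
    if (!preg_match('/data="([^"]*)" sig="([^"]*)"/', $header, $m)) {
        return false;
    }
    $sig = base64_decode($m[2], true);
    return $sig !== false
        && openssl_verify($m[1], $sig, $publicKeyPem, OPENSSL_ALGO_SHA1) === 1;
}

$key = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
if ($key === false) {
    exit('Could not generate a demo key: ' . openssl_error_string());
}
$publicPem = openssl_pkey_get_details($key)['key'];

$header = signAuthSubRequest('GET',
    'https://www.google.com/health/feeds/sample-feed',  // constructed URL
    'SAMPLE_SESSION_TOKEN', $key);

var_dump(verifyAuthSubHeader($header, $publicPem));    // header as signed
// Changing the signed URL after the fact invalidates the signature.
$tampered = str_replace('sample-feed', 'other-feed', $header);
var_dump(verifyAuthSubHeader($tampered, $publicPem));
```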

12 comments:

nivs said...

thanks, this was really helpful!

ptolomeo said...

I love you dude, very useful post.

Bob said...

Do I need an $authSubHandler for youtube scope? My code works fine with $secure=0, but when $secure=1, I get an exception in getAuthSubSessionToken() -- "Invalid AuthSub header" 401.

This follows the "Allow Access" page with "Registered, secure. This website is registered with Google ..."

My code is taken from code.google.com/apis/gdata/authsub.html (PHP). Thanks!

Eric (Google) said...

Not for YouTube. You should be able to get away with:
Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session)

for requesting the token and:
$client = new Zend_Gdata_HttpClient();
$client->setAuthSubPrivateKeyFile('/path/to/myrsakey.pem', null, true);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);

...for upgrading the token. Check that you're setting
your private key (and the file is readable) before making the exchange.

Feel free to post in the Accounts APIs forum if you have questions:
http://groups.google.com/group/Google-Accounts-API

Bob said...

Thanks Eric! All looks well in my code, but it fails. I'll post a follow-up on the Accounts-API group.

Yonas said...

I finally solved my "401 Unknown authorization header" problem:

function getAuthSubHttpClient($err_func)
{
    $sToken = HTTP_Session2::get('sessionToken');

    if (!isset($sToken) && !isset($_GET['token'])) {
        call_user_func($err_func, "redirect");
        return;
    } else if (!isset($sToken) && isset($_GET['token'])) {
        $client = new Zend_Gdata_HttpClient();
        $client->setAuthSubPrivateKeyFile('/path/to/myrsakey.pem', null, true);

        $sToken = Zend_Gdata_AuthSub::getAuthSubSessionToken(trim($_GET['token']), $client);
    }

    HTTP_Session2::set('sessionToken', $sToken);
    $httpClient = Zend_Gdata_AuthSub::getHttpClient($sToken);
    $httpClient->setAuthSubPrivateKeyFile('/path/to/myrsakey.pem', null, true);

    return $httpClient;
}

function getAuthSubRequestUrl()
{
    $next = 'http://example.com/login.php';
    $scope = 'http://gdata.youtube.com';
    $secure = true;
    $session = true;
    return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session);
}


The fix was to add the second call to $httpClient->setAuthSubPrivateKeyFile before return $httpClient. This allows every call to getAuthSubHttpClient() to know the private key's location, not just the first call.

Yonas said...

Also:

If your private key is password protected, you need to pass the password as the second argument to setAuthSubPrivateKeyFile().
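A pre-flight check for the points raised in the comments above (Eric's advice to confirm the key is set and readable, and Yonas's note about passphrase-protected keys), as an added example that is not part of the original post or any comment. The function name and the certificate path are hypothetical; the page only names the key file.

```php
<?php
// Added example: checks to run before passing a key file to
// setAuthSubPrivateKeyFile(). Function name and cert path are hypothetical.

function checkAuthSubKey($keyFile, $certFile, $passphrase = '')
{
    if (!is_file($keyFile) || !is_readable($keyFile)) {
        return array("Key file $keyFile is missing or not readable by PHP");
    }

    $problems = array();
    // The private key should be accessible only to the account running PHP.
    if (fileperms($keyFile) & 0077) {
        $problems[] = 'Key file is accessible to group/other; restrict it to 0600';
    }

    // An encrypted key does not load unless the correct passphrase is given.
    $key = openssl_pkey_get_private(file_get_contents($keyFile), $passphrase);
    if ($key === false) {
        $problems[] = 'Key did not load (wrong passphrase or not a PEM private key)';
        return $problems;
    }

    // Secure AuthSub signs with rsa-sha1, so the key has to be RSA.
    $details = openssl_pkey_get_details($key);
    if ($details['type'] !== OPENSSL_KEYTYPE_RSA) {
        $problems[] = 'Key is not an RSA key';
    }

    // The key must pair with the public certificate uploaded to ManageDomains.
    $cert = is_readable($certFile) ? file_get_contents($certFile) : false;
    if ($cert === false || !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'Key does not match the uploaded certificate';
    }
    return $problems;
}

// '/path/to/myrsacert.pem' is a placeholder for your local copy of the certificate.
foreach (checkAuthSubKey('/path/to/myrsakey.pem', '/path/to/myrsacert.pem') as $problem) {
    error_log('AuthSub key check: ' . $problem);
}
```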

ClearTours said...

Yonas,

Thanks for posting that update! My brain was burning up trying to figure that same problem out.

SUPER said...

ok

How to get username when you use youtube api to get authentication with authsub youtube api

Zend gdata library

Kruspex said...

To get the username you have to do this:

This is for Symfony2 but you can change it for your project:

$yt = new \Zend_Gdata_YouTube($httpClient,"anonymous","",$developer_key);

$username = $yt->getUserProfile("default")->username->text;

If you put "default" it returns the username that has accepted permissions.

(sorry about my English)
