api requests are not working, bad request

[tompata]

We're try to use gplus, but after a successfull oauth process, the normal api requests are not working:

Gplus Client: #<Gplus::Client:0x6aa9780 @oauth_client=#<OAuth2::Client:0x6aa95c8 @site="https://www.googleapis.com/plus", @id="XXX", @secret="XXX", @options={:token_method=>:post, :connection_opts=>{}, :connection_build=>nil, :max_redirects=>5, :raise_errors=>true, :authorize_url=>"https://accounts.google.com/o/oauth2/auth", :token_url=>"https://accounts.google.com/o/oauth2/token"}>, @token_expires_at=1325083620, @token="XXX, @redirect_uri="XXX", @refresh_token="XXX", @client_secret="XXX", @client_id="XXX", @api_version="v1", @endpoint="https://www.googleapis.com/plus", @api_key=nil>

Gplus access token: MISSING!

Oauth error: #<OAuth2::Error: OAuth2::Error>

Oauth response: #<OAuth2::Response:0x6a97a58 @error=#<OAuth2::Error: OAuth2::Error>, @parsed={"error"=>{"code"=>400, "errors"=>[{"domain"=>"global", "reason"=>"badRequest", "message"=>"Bad Request"}], "message"=>"Bad Request"}}, @response=#<Faraday::Response:0x6a97a80 @env={:response=>#<Faraday::Response:0x6a97a80 ...>, :response_headers=>{"x-content-type-options"=>"nosniff", "x-frame-options"=>"SAMEORIGIN", "expires"=>"Wed, 28 Dec 2011 14:09:57 GMT", "content-type"=>"application/json; charset=UTF-8", "connection"=>"close", "date"=>"Wed, 28 Dec 2011 14:09:57 GMT", "x-xss-protection"=>"1; mode=block", "server"=>"GSE", "cache-control"=>"private, max-age=0"}, :request_headers=>{}, :status=>400, :request=>{:proxy=>nil}, :method=>:get, :parallel_manager=>nil, :url=>#<Addressable::URI:0x355221c URI:https://www.googleapis.com/plus/v1/people/115135253293279523949?key=>, :ssl=>{}, :body=>"{\n "error": {\n "errors": [\n {\n "domain": "global",\n "reason": "badRequest",\n "message": "Bad Request"\n }\n ],\n "code": 400,\n "message": "Bad Request"\n }\n}\n"}, @on_complete_callbacks=[]>, @options={:parse=>nil}>

May be the API has changed?

Thanks,
Tamas

[nfm]

Hi @tompata, can you please post the code that's in your OAuth callback handler? And your code for when you initialize a Gplus client with a stored OAuth token? Thanks :)

I'm working on a Rails example app using Gplus at the moment that might be helpful too. I will link to it soon.

[tompata]

Hi @nfm, here's the callback (in the controller):

def googleplus_callback
access_token = @gplus.authorize(params[:code])
current_user.googleplus_offline_access_token = access_token.token
current_user.googleplus_token_expires_at = access_token.expires_at
current_user.googleplus_refresh_token = access_token.refresh_token
current_user.save
redirect_to profile_path(current_user)
end

And this is where I initalize the client:

  @gplus = Gplus::Client.new(
    :token => @user.googleplus_offline_access_token,
    :refresh_token => @user.googleplus_refresh_token,
    :token_expires_at => @user.googleplus_token_expires_at,
    :client_id => GooglePlusConf::APP_ID,
    :client_secret => GooglePlusConf::SECRET,
    :redirect_uri => GooglePlusConf::REDIRECT_URL
  )                                                                                                                                                                                   
  access_token = @gplus.authorize(@user.googleplus_offline_access_token, GooglePlusConf::REDIRECT_URL)
  @person = @gplus.get_person('XXXX')

The example rails app is working at you, right now?

Thanks
Tamas

[tompata]

I'm using gplus gem v1.0.0, oauth2 v0.5.1

[tompata]

And there was another issue with the refresh token. Google only gives back refresh token when i send the 'access_type=offline' request parameter with the authorize url.

http://code.google.com/apis/accounts/docs/OAuth2WebServer.html#formingtheurl

[nfm]

@tompata Thanks for the bug reports.

I will push the Rails example app later today. In the meantime, your code is good, except you are calling @gplus.authorize unnecessarily in your second block of code. You only need to call authorize in your oauth callback action. This gets you your token, refresh_token and token_expires_at, which are then used for actual API requests.

If you remove the line access_token = @gplus.authorize(@user.googleplus_offline_access_token, GooglePlusConf::REDIRECT_URL), your get_person call should work ok. Does that solve the OAuth exception? If so, do you have any tips for how I could make the documentation more clear?

You're right, there is also an issue with the refresh token. It seems like Google has changed the default access_type from offline to online.

The documentation at http://code.google.com/apis/accounts/docs/OAuth2WebServer.html has conflicting information. In the "Forming the URL" section, it states "This parameter defaults to online". But in the "Offline Access" section, it states "Offline is currently the default (and only) option for web server applications. This default will change soon to online. This section describes how to request offline access after this change." I believe it has actually already been changed to default to online.

I will update gplus so that the authorize_url method makes it easier to pass extra parameters, including access_type. I'll check back here when the new version is up.

[tompata]

Hi @nfm,

thanks for the details and the new gem version! it's getting better :)
now it's working with online access token, but when i try to append the access_type=offline parameter, the url gets wrong:

@auth_url = @gplus.authorize_url(:access_type => 'offline')
->
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.me&response_type=code&client_id=926856390010.apps.googleusercontent.com&redirect_uri=access_typeoffline

[nfm]

Hi @tompata,

I've just released gplus 2.0.0 and an example Rails app. 2.0.0 should fix #1 and #2. Please let me know if it does or not.

2.0.0 includes some breaking API changes, which is why I've bumped the major version. They tidy up some discrepancies, and make it possible to pass more options through to OAuth2. Take a look at the CHANGELOG for full details about how to migrate from 1.0.x to 2.0.0. Basically, you'll need to:

• Call get_token instead of authorize
• Call authorize_url with a hash argument instead of just a redirect_uri
• Call search_people and search_activities with your query as the first argument, followed by a hash of options.

Let me know if you need any help. I've updated the documentation to reflect these changes. Thanks for being an early user!

[tompata]

Hi @nfm,

mega thanks for the new release, it's working now and fixed our issues!

in your example rails app, there's a mistype, here:
https://github.com/nfm/gplus-rails-demo/blob/master/app/controllers/oauth_controller.rb
at line 7, you still call @gplus.authorize(params[:code]) instead of get_token :)

and another important "notice", which is connected to oauth2:
developers must call get_token with the same redirect_uri parameter as in authorize_url!

and a small suggestion: you should give some debugging / logging option to developers, because debugging is very difficult now

thanks again,
Tamas