<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 9/25/2012 2:05 PM, Demian Brecht
wrote:<br>
</div>
<blockquote
cite="mid:CAE+T62YBAaJquh4LnoAXwBTAj-jk3+4gEn6g8Zq_tbYuuZ9_NQ@mail.gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=ISO-8859-1">
This is a shameless plug, but if you want a much easier to
understand method of accessing protected resources via OAuth2, I
have a 55 LOC client implementation with docs and examples here:<span> </span><a
moz-do-not-send="true"
href="https://github.com/demianbrecht/sanction" target="_blank">https://github.com/demianbrecht/sanction</a><span> (Google
is one of the tested providers with an access example).</span>
<div>
<br>
</div>
</blockquote>
<br>
No complaints from me if it works. Honestly I was a bit discouraged
at Google's decent lack of documentation and the quality of the
code.<br>
<br>
<blockquote
cite="mid:CAE+T62YBAaJquh4LnoAXwBTAj-jk3+4gEn6g8Zq_tbYuuZ9_NQ@mail.gmail.com"
type="cite">
<div>Are you trying to access resources client side (through
Javascript) or server side? Either way, the redirect URI *is*
important. The first step is to have your user authorize your
application using Google's authorization page. As one of the
query parameters, you must specify the redirect URI (which must
match those registered through Google's app console).</div>
<div><br>
</div>
</blockquote>
I'm trying to access it through a desktop Python application, which
made me really confused. There was something else that talked about
returning the tokens in a different way, but it talked about
returning them in the title of the webpage, and since I'd be
spawning a browser to request authorization, I'd have to write
something that would pull the window information and then parse out
the token from the title, which doesn't sound to stable.<br>
<br>
<blockquote
cite="mid:CAE+T62YBAaJquh4LnoAXwBTAj-jk3+4gEn6g8Zq_tbYuuZ9_NQ@mail.gmail.com"
type="cite">
<div>
Once the user has authorized your application, they're
redirected back to your site (via the specified redirect URI),
with a "code" attached as a query param. Once you get that code,
you must exchange that with Google's token endpoint to retrieve
the access and refresh tokens.</div>
<div><br>
</div>
</blockquote>
Awesome. I could theoretically just create a webpage on my server to
redirect people to with the query, but I'm still not quite sure how
I'd retrieve that from the desktop application.<br>
<br>
<blockquote
cite="mid:CAE+T62YBAaJquh4LnoAXwBTAj-jk3+4gEn6g8Zq_tbYuuZ9_NQ@mail.gmail.com"
type="cite">
<div>
No, it doesn't matter which library you use. Google's (imho) is
overly verbose and difficult to grok (especially for someone new
to either OAuth 2.0 or Python, or both). The client ID doesn't
need to be kept private, but the secret does. You should *never*
put this anywhere that can be read publicly.</div>
<br>
</blockquote>
I plan on storing them both in variables. It's not going to be the
best solution, but I plan to use python -O to create pyo files,
which from what I understand are harder to decompile, and it'll be
in a py2exe executable. Still not to hard to get at, but it's not
right there either.<br>
<br>
<br>
<blockquote
cite="mid:CAE+T62YBAaJquh4LnoAXwBTAj-jk3+4gEn6g8Zq_tbYuuZ9_NQ@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Tue, Sep 25, 2012 at 12:04 PM,
Littlefield, Tyler <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:tyler@tysdomain.com"
target="_blank">tyler@tysdomain.com</a>></span> wrote:<br>
<blockquote class="gmail_quote">
Hello all:<br>
I've been trying to figure out the oauth2client part of
google's api, and I am really confused.<br>
It shows a flow, and even with the client flow, you need a
redirect uri. This isn't important because I just want to get
both an access and refresh token.<br>
Has anyone had any experience with this? Is it easier to use
a more developed oauth2 library to handle this? If so, can
anyone make any suggestions?<br>
<br>
If I understand everything correctly, it doesn't matter what
library I would use to work with the oauth2 protocol, so I
could break out of this workflow thing that looks like it's
more designed for web apps.<br>
Finally, they caution you about being careful about your
client id and your client secret; is there much in the way of
obviscation or something I can do to keep this secret?<span
class="HOEnZb"><br>
<br>
-- <br>
Take care,<br>
Ty<br>
<a moz-do-not-send="true" href="http://tds-solutions.net"
target="_blank">http://tds-solutions.net</a><br>
The aspen project: a barebones light-weight mud engine:<br>
<a moz-do-not-send="true"
href="http://code.google.com/p/aspenmud" target="_blank">http://code.google.com/p/aspenmud</a><br>
He that will not reason is a bigot; he that cannot reason is
a fool; he that dares not reason is a slave.<br>
<br>
-- <br>
<a moz-do-not-send="true"
href="http://mail.python.org/mailman/listinfo/python-list"
target="_blank">http://mail.python.org/mailman/listinfo/python-list</a><br>
</span></blockquote>
</div>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Take care,
Ty
<a class="moz-txt-link-freetext" href="http://tds-solutions.net">http://tds-solutions.net</a>
The aspen project: a barebones light-weight mud engine:
<a class="moz-txt-link-freetext" href="http://code.google.com/p/aspenmud">http://code.google.com/p/aspenmud</a>
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.</pre>
</body>
</html>