0

I'm probably missing something incredibly obvious here, so that's why I'm asking my question...in the hope that someone can see what I'm missing. I just learned about OAuth for the first time last week, and I'm trying to use it (in this case) to extract a contact list from someone once they've logged in and authorized it.

Here's what I tried first, using the Google .NET library:

        Sub InviteGmailContactsOld()

    Call google_api.GetClientCredentials(Vars.Server_name)
    Dim Input_URL As String = google_api.Token_Request_URL & "?scope=" & OverrideEncode("https://www.google.com/m8/feeds/") & "&oauth_callback=" & OverrideEncode(Vars.Site_Root & "my-profile/manage-connections/invite-connections/google/")
    Dim Input_URI As New Uri(Input_URL)
    Dim Authenticator As OAuth3LeggedAuthenticator = New OAuth3LeggedAuthenticator("Politistream API", google_api.Client_ID, google_api.Client_Secret, String.Empty, String.Empty)
    Dim Auth_Request As WebRequest = Authenticator.CreateHttpWebRequest("GET", Input_URI)
    Dim Final_Request As WebRequest = WebRequest.Create(Input_URI)
    Dim Auth_Headers As String = Auth_Request.Headers.ToString()
    Final_Request.Headers.Add(Auth_Headers)
    Final_Request.Method = "GET"
    Response.Write(Final_Request.Headers.ToString() & " <br />" & Final_Request.RequestUri.ToString & "<br />")
    Dim Auth_Response As String = Common.WebRequestToStringResponse(Final_Request)

End Sub

Tried this in several variations, and no matter what I did, all I got back from Google was 400 Bad Request.

Then I tried DotNetOpenAuth:

        Sub InviteGmailContacts()
    ' GMail uses openID because OAuth doesn't work properly.

    Dim openId As New OpenIdRelyingParty
    Call google_api.GetClientCredentials(Vars.Server_name)
    Dim New_URL As UriBuilder = New UriBuilder(Request.Url.ToString)
    Dim Auth_Request As IAuthenticationRequest = openId.CreateRequest(google_api.OpenID_Login_URL, New_URL.Uri, New_URL.Uri)
    Auth_Request.RedirectToProvider()

End Sub

This works, and I was able to get the claimed identifier back. The problem that I have no is that I have absolutely no idea what the heck I'm supposed to do with it, and I can't find anything anywhere that I can follow along and more or less make my own.

Ideally, what I'm looking for is a code sample that isn't necessarily complete, but is at least coherent enough that I can get where I want to go. Failing that, an explanation that's dumbed down about three shades from the normal level will suffice.

Thanks.

Andrew Arnott
  • 74,820
  • 24
  • 127
  • 163
SEFL
  • 484
  • 3
  • 15

1 Answers1

2

You're confusing OAuth, which you use in your first code snippet with Google, with OpenID which is in your second snippet. OpenID gives you, as you noticed, a "claimed identifier" which isn't good for downloading contacts -- it's good for recognizing a user when they come back later. OpenID is for authentication whereas OAuth is for authorization.

Since you want to access Google Contacts, that's an authorization scenario so you need OAuth. DotNetOpenAuth does OAuth too, and there's a sample for downloading Contacts in fact (albeit in C#).

Download dotnetopenauth and check out the OAuthConsumerWpf sample. It has a tab that demonstrates downloading Google Contacts. It uses code in the DotNetOpenAuth.ApplicationBlock sample (the class called GoogleConsumer) that will hopefully inspire you on what you can do in your app.

Andrew Arnott
  • 74,820
  • 24
  • 127
  • 163
  • OAuthConsumerWpf is a good example. But I don't know why the verification code can not be called back. User has to manually enter the verification code and click the finish button. Is it for confirmation purpose? Is there a way to make the verification code posted back to WPF form automatically. – Don Sep 08 '13 at 16:57
  • I notice that OAuthConsumerWpf is an OAuth2 project. Does that mean that verification code post back from providers is possible? – Don Sep 08 '13 at 19:55