Search code examples
rubygoogle-apps-marketplace

"401 Unauthorized" when using UpgradableApp API

We're working on our migration tool to bring existing GAMv1 users over to GAMv2, and we're getting a 401 Unauthorized, reporting that our consumer key is invalid.

We’re using Google’s APIClient ruby library, found here: https://github.com/google/google-api-ruby-client/ I’m pretty certain that we’re forwarding the same set of credentials identified in https://developers.google.com/apps-marketplace/v1migratev2, and that we’re specifying two legged OAuth 1.0 to the API. The code we’re using is below, stripped to just the authorization bits:

@client = Google::APIClient.new(
    :authorization => :two_legged_oauth_1,
    :application_name => 'App Name',
    :application_version => ‘1.0'
)

@client.authorization.client_credential_key = '%s.apps.googleusercontent.com' % Auth::Application::CONFIG['GOOGLE_GAMV1_APPLICATION_ID']
@client.authorization.client_credential_secret = Auth::Application::CONFIG['GOOGLE_GAMV1_SECRET']
@service = @client.discovered_api('appsmarket', 'v2’)

request = @client.execute(
    @service.upgradable_app.update,
    'marketplaceListingId' => Auth::Application::CONFIG['GOOGLE_GAMV1_LISTING_ID'],
    'domainName' => account.domain,
    'cwsItemId' => Auth::Application::CONFIG['GOOGLE_GAMV2_CWS_ID']
)

Looking at the logs we have yields (I've stripped out the private details, but we're virtually certain we've got the right client_id, client_secret, Listing ID, etc.):

D, [2014-08-28T14:37:17.025667 #12517] DEBUG -- : Google::APIClient - Initializing client with options {:authorization=>:two_legged_oauth_1, :application_name=>"App Name", :application_version=>"1.0"}
D, [2014-08-28T14:37:17.040994 #12517] DEBUG -- : Google::APIClient::Request Sending API request get https://www.googleapis.com/discovery/v1/apis/appsmarket/v2/rest {"User-Agent"=>"App Name/1.0 google-api-ruby-client/0.7.1 Linux/2.6.18-371.3.1.el5\n (gzip)", "Accept-Encoding"=>"gzip", "Content-Type"=>""}
D, [2014-08-28T14:37:17.202238 #12517] DEBUG -- : Decompressing gzip encoded response (2427 bytes)
D, [2014-08-28T14:37:17.202646 #12517] DEBUG -- : Decompressed (11988 bytes)
D, [2014-08-28T14:37:17.202801 #12517] DEBUG -- : Google::APIClient::Request Result: 200 {"expires"=>"Thu, 28 Aug 2014 18:42:17 GMT", "date"=>"Thu, 28 Aug 2014 18:37:17 GMT", "cache-control"=>"public, max-age=300, must-revalidate, no-transform", "etag"=>"\"FrPV2U6xXFUq8eRv_PO3IoAURkc/cQQHsn4vhpzWbmwcoTBTIElFFgs\"", "content-type"=>"application/json; charset=UTF-8", "x-content-type-options"=>"nosniff", "x-frame-options"=>"SAMEORIGIN", "x-xss-protection"=>"1; mode=block", "content-length"=>"2427", "server"=>"GSE", "alternate-protocol"=>"443:quic", "connection"=>"close"}
D, [2014-08-28T14:37:17.326157 #12517] DEBUG -- : Google::APIClient::Request Sending API request put https://www.googleapis.com/appsmarket/v2/upgradableApp/xxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxx {"User-Agent"=>"App Name/1.0 google-api-ruby-client/0.7.1 Linux/2.6.18-371.3.1.el5\n (gzip)", "Accept-Encoding"=>"gzip", "Content-Type"=>"", "Authorization"=>"OAuth oauth_consumer_key=\"xxxxxxxxxx.apps.googleusercontent.com\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"xxxxxxxxx\", oauth_nonce=\"xxxxxxxxxxxxxxxxxxxxxxxx\", oauth_version=\"1.0\", oauth_signature=\"xxxxxxxxxxxxxxxxxxx\"", "Cache-Control"=>"no-store"}
D, [2014-08-28T14:37:17.742199 #12517] DEBUG -- : Decompressing gzip encoded response (149 bytes)
D, [2014-08-28T14:37:17.742494 #12517] DEBUG -- : Decompressed (203 bytes)
D, [2014-08-28T14:37:17.742686 #12517] DEBUG -- : Google::APIClient::Request Result: 401 {"www-authenticate"=>"Bearer realm=\"https://accounts.google.com/AuthSubRequest\"", "content-type"=>"application/json; charset=UTF-8", "date"=>"Thu, 28 Aug 2014 18:37:18 GMT", "expires"=>"Thu, 28 Aug 2014 18:37:18 GMT", "cache-control"=>"private, max-age=0", "x-content-type-options"=>"nosniff", "x-frame-options"=>"SAMEORIGIN", "x-xss-protection"=>"1; mode=block", "server"=>"GSE", "alternate-protocol"=>"443:quic", "connection"=>"close", "transfer-encoding"=>"chunked"}
E, [2014-08-28T14:37:17.755822 #12517] ERROR -- : Bad request: status=401, body={"error":{"errors":[{"domain":"global","reason":"authError","message":"Invalid OAuth consumer key","locationType":"header","location":"Authorization"}],"code":401,"message":"Invalid OAuth consumer key"}}

Quite frankly, at this point we're beginning to suspect that the issue is on the provider's end -- but we'd love to be proven wrong!

Solution

  • Confirmed that it was a bug on Google's side, which has since been fixed. Thanks!