Search code examples
google-app-enginegdata-api

Registering your webapp is required for Google Data APIs use?

I'm very new in appengine development and I'm trying to develop some tests apps that make use of Google Data API's.

I'm following this tutorial: http://code.google.com/apis/gdata/docs/auth/oauth.html#OAuthAuthorizeToken

  • I have some test apps on my appspot account, but I can't register these webapps as Google says, I need my own domain for use GData API's?

  • Are, key and secret, parameters that Google give to me after webapp registration?

code:

String CONSUMER_KEY = "example.com";
String CONSUMER_SECRET = "abc123doremi";

GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
oauthParameters.setOAuthConsumerKey(CONSUMER_KEY);
oauthParameters.setOAuthConsumerSecret(CONSUMER_SECRET);
  • What is a best practice to get these values, key and secret? I was following this tuto too, Retreiving GData Feeds, and I'm confusing about the Suggested enhancements

This article slightly oversimplifies the process for the sake of clarity: in your own application, you would likely make use of the UserService in both step1 and step2 to authenticate a user. Your application would persist the request token. When a user finished the step of authorizing your application, you would fetch the request token from the datastore, upgrade it to an access token, then persist the access token key/secret pair in the datastore and associate it with the logged in user. On subsequent visits to your application by the user, you would simply check for the presence of an access token and attempt to make API calls - the user never has to go through the authorization step again unless they revoke your credentials or you delete their access token from the datastore. Describing these steps is slightly out of the scope of this article, however, they are a great set of "next steps" for developers to guide themselves towards mastering using OAuth and GData with App Engine.

I'm using UserService in the manner is explained in StockWatcher example, but I don't understand how to mix OAUTH with that.

Solution

  • a. I need my own domain for use GData API's?

    Registration is optional but recommended.
    Web applications that opt not to register with Google can still use OAuth using a lower level of security. In this case, Google does not automatically recognize the calling web application and adds a caution to the Google login page:

    enter image description here

    All calls requesting or using an OAuth token must be signed, regardless of whether your application is registered with Google or not.
    If your application is not registered, to sign the Request you will use the following key and secret:

    • consumer key: "anonymous"
    • consumer secret: "anonymous"

    2. Are, key and secret, parameters that Google give to me after webapp registration?

    Yes, once you've registered, Google will provide you with a consumer key (and secret for use with HMAC-SHA1), and a place to upload a public certificate.

    enter image description here