Error 403 al intentar acceder a Google Authsub desde la aplicación FLash (Authsub para Actionscript)

I am trying to get my Flex application to authenticate with google using the instructions here:

http://code.google.com/apis/gdata/docs/as-authsub.html

I have copied the example there and am trying to get it to work. I am running my app on a loca server so I have changed the next parameter:

authSubParams['next'] = 'http://localhost/AuthSub.html';

Getting the first token works fine but when I try to get the long lived token I get an error:

getLongLivedToken: singleUseToken: 1%2Fa...
onHttpStatus: [HTTPStatusEvent type="httpStatus" bubbles=false cancelable=false eventPhase=2 status=403 responseURL=null]
onGetTokenFailed: Error #2032: Stream Error. URL: https://accounts.googleapis.com/accounts/AuthSubSessionToken

it looks like I am getting a 403 error. Any ideas?

Whole App:

<?xml version="1.0" encoding="utf-8"?>
<s:Application 
    xmlns:fx="http://ns.adobe.com/mxml/2009" 
    xmlns:s="library://ns.adobe.com/flex/spark" 
    xmlns:mx="library://ns.adobe.com/flex/mx" 
    minWidth="955" 
    minHeight="600"
    initialize=" onInitialized() "
    applicationComplete=" onLoaded() "
    >

    <fx:Script>
        <![CDATA[

            import flash.external.ExternalInterface;
            import flash.net.navigateToURL;

            import mx.controls.Alert;

            private function onInitialized() : void {
                // Load the cross domain policy file for each of the googleapis.com
                // domains used. At the very least, we need the ones for the API (photos)
                // and the one for AuthSub for ActionScript (accounts).
                Security.loadPolicyFile('http://photos.googleapis.com/data/crossdomain.xml');
                Security.loadPolicyFile('https://accounts.googleapis.com/crossdomain.xml');
            }

            private function onLoaded() : void {
                // Once the application has loaded, check to see if an AuthSub token was
                // placed into the current page's URL. If it was, the user has already
                // authenticated, we can continue to connect to the the service itself.
                // In a real application, the long-term cookie would also be stored and 
                // checked here, to remove the need for the user to authenticate for this 
                // application every time it is used.
                var searchPortion : String = ExternalInterface.call('window.location.search.toString');

                //searchPortion = "?token=tokenSavenFromPreviousAttempt";

                if (searchPortion.length > 0) {
                    // remove the ? from the token and extract the token.
                    searchPortion = searchPortion.substring(1);

                    // NOTE: Real applications should parse the URL properly.
                    if (searchPortion.indexOf('token=') == 0) {

                        log( "token found: " + searchPortion );

                        getLongLivedToken(searchPortion.substring(6));
                        return;
                    }
                }

                // No token found; redirect the user to the AuthSub page. Note that this URL
                // is on the google.com domain. We can contact the google.com domain because
                // this isn't a request from within Flash, but rather a page redirect.
                var getTokenPage : URLRequest = new URLRequest('https://www.google.com/accounts/AuthSubRequest');

                // Construct the parameters of the AuthSub request. These are the same parameters
                // as normal AuthSub, which can be found here: http://code.google.com/apis/accounts/docs/AuthSub.html#AuthSubRequest
                var authSubParams : URLVariables = new URLVariables();
                authSubParams['scope'] = 'http://photos.googleapis.com/data'; // photos API
                authSubParams['session'] = 1; // single-use token
                authSubParams['secure'] = 0; // non-secure apps
                authSubParams['next'] = 'http://localhost/AuthSub.html'; // The URL of this app.
                //authSubParams['next'] = 'http://localhost/'; // The URL of this app.

                log( "token not found, sending AuthSubRequest" );

                getTokenPage.data =  authSubParams;
                navigateToURL(getTokenPage, '_top');
            }

            private function getLongLivedToken(singleUseToken : String) : void {
                // Construct a call to the AuthSub for ActionScript endpoint on accounts.googleapis.com.
                // This call will exchange the single use token given to use by AuthSub for a long-term
                // token that we can use to make requests to endpoints such as Photos.
                var getTokenRequest : URLRequest = new URLRequest('https://accounts.googleapis.com/accounts/AuthSubSessionToken');

                // Due to a bug in Flash, a URLRequest with a GET request will
                // not properly send headers. We therefore use POST for this and *ALL*
                // requests.
                getTokenRequest.method = URLRequestMethod.POST;

                // Due to a bug in Flash, a URLRequest without a valid parameter will
                // not properly send headers. We therefore add a useless parameter to
                // make this code work.
                getTokenRequest.data = new URLVariables('pleaseignore=ignore');

                // Add the AuthSub for ActionScript headers.
                getTokenRequest.requestHeaders.push(new URLRequestHeader('Authorization', 'AuthSub token="' + singleUseToken + '"'));

                // Create the loader to get the token itself. The loader will callback
                // to the following event handlers if and when the server responds.
                var getToken : URLLoader = new URLLoader();
                getToken.addEventListener(Event.COMPLETE, onGetTokenResult);
                getToken.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onGetTokenFailed);
                getToken.addEventListener(IOErrorEvent.IO_ERROR, onGetTokenFailed);
                getToken.addEventListener( HTTPStatusEvent.HTTP_STATUS, onHttpStatus );

                log( "getLongLivedToken: singleUseToken: " + singleUseToken );

                try {
                    getToken.load(getTokenRequest);
                } catch (e : Error) {

                    log( "error:\n" + e.message );

                    Alert.show('Some error occurred: ' + e);

                }
            }

            private function onGetTokenResult(e : Event) : void {


                // Load the parameters from the response.
                var getToken : URLLoader = URLLoader(e.target);
                var params : URLVariables = new URLVariables(getToken.data);


                // Parse the session token from the result. Real applications
                // might at this point store the token in a long-term cookie so
                // that repeated usages of the application do not require this entire
                // authentication process.
                var sessionToken : String = params.Token;

                log( "onGetTokenResult: sessionToken: " + sessionToken );

                // Trim the newline from the end of the session token.
                sessionToken = sessionToken.substring(0, sessionToken.length - 1);

                Alert.show('session token: [' + sessionToken + ']');

                // Prepare a request to the photos API for the private album
                // of the user.
                var albumRequest : URLRequest = new URLRequest('http://photos.googleapis.com/data/feed/api/user/default');
                albumRequest.data = new URLVariables('access=private&amp;v=2&amp;err=xml');

                // Due to a bug in Flash, a URLRequest with a GET request will
                // not properly send headers. We therefore use POST for this and *ALL*
                // requests.
                albumRequest.method = URLRequestMethod.POST;

                var authsubHeader : String = 'AuthSub token="' + sessionToken + '"';

                // Add the Authorization header which uses the session token.
                albumRequest.requestHeaders.push(new URLRequestHeader('Authorization', authsubHeader));

                // The X-HTTP-Method-Override header tells the Photos API to treat this request
                // as a GET request, even though it is being conducted as a POST (due to the bug
                // mentioned above). This is very important, as GData APIs will react differently
                // to different HTTP request types.
                albumRequest.requestHeaders.push(new URLRequestHeader('X-HTTP-Method-Override', 'GET'));

                // We expect ATOM XML to be returned.
                albumRequest.requestHeaders.push(new URLRequestHeader('Content-Type', 'application/atom+xml'));

                var getAlbum : URLLoader = new URLLoader();
                getAlbum.addEventListener(Event.COMPLETE, onGetAlbumResult);
                getAlbum.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onGetAlbumFailed);
                getAlbum.addEventListener(IOErrorEvent.IO_ERROR, onGetAlbumFailed);

                try {
                    getAlbum.load(albumRequest);
                } catch (e : Error) {
                    Alert.show('Some error occurred: ' + e);  
                }
            }

            private function onGetAlbumResult(e : Event) : void {
                // Load the XML from the response.
                var getAlbum : URLLoader = URLLoader(e.target);
                Alert.show('Returned XML: ' + getAlbum.data);
            }

            private function onGetTokenFailed(e : ErrorEvent) : void {
                log( "onGetTokenFailed: " + e.text );
                Alert.show('Some error occurred: ' + e);
            }

            private function onGetAlbumFailed(e : ErrorEvent) : void {
                log( "onGetAlbumFailed: " + e.text );
                Alert.show('Some error occurred: ' + e);
            }

            private function onHttpStatus(e : HTTPStatusEvent) : void {
                log( "onHttpStatus: " + e );
                Alert.show('Some error occurred: ' + e);
            }

            private function log( message : String ) : void
            {
                trace( message );

                debugOutput.text = debugOutput.text ? debugOutput.text : "";

                debugOutput.text = debugOutput.text.length == 0 ? message : debugOutput.text + "\n" + message; 
            }

        ]]>
    </fx:Script>

    <s:TextArea
        id="debugOutput"
        left="5"
        right="5"
        top="5"
        bottom="5"
        />

</s:Application>

preguntado el 08 de enero de 11 a las 15:01

2 Respuestas

Cambiar:

var searchPortion : String = ExternalInterface.call('window.location.search.toString');

a

var searchPortion : String = decodeURIComponent( ExternalInterface.call('window.location.search.toString'));

Respondido el 22 de enero de 11 a las 06:01

private function onLoaded() : void { // Once the application has loaded, check to see if an AuthSub token was // placed into the current page's URL. If it was, the user has already // authenticated, we can continue to connect to the the service itself. // In a real application, the long-term cookie would also be stored and // checked here, to remove the need for the user to authenticate for this // application every time it is used. var searchPortion : String = ExternalInterface.call('window.location.search.toString');

//searchPortion = "?token=tokenSavenFromPreviousAttempt";

if (searchPortion.length > 0) { // remove the ? from the token and extract the token. searchPortion = searchPortion.substring(1);

// NOTE: Real applications should parse the URL properly. if (searchPortion.indexOf('token=') == 0) {

  log( "token found: " + searchPortion );

  getLongLivedToken(searchPortion.substring(6));
  return;

}}

token is not properly parsed. Use var token:String = Application.application.parameters["token"]; instead;

Respondido 01 Feb 11, 17:02

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.