Showing posts with label authsub. Show all posts

Secure AuthSub using the Zend PHP library 1.6+


After uploading a public certificate to https://www.google.com/accounts/ManageDomains, here's how to use the Zend PHP 1.6+ library to work with secure AuthSub. This example uses the Google Health Data API.
<?php
function setupClient($singleUseToken = null) { 
  $client = null;  

  // Fetch a new AuthSub token?
  if (!$singleUseToken) {
    $next = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
    $scope = 'https://www.google.com/health/feeds';
    $authSubHandler = 'https://www.google.com/health/authsub';    
    $secure = 1;
    $session = 1;
    $permission = 1;  // 1 - allows posting notices && allows reading profile data
    $authSubURL =  Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session, $authSubHandler);
    
    $authSubURL .= '&permission=' . $permission;
    
    echo '<a href="' . $authSubURL . '">Link your Google Health Account</a>';
  } else {
    $client = new Zend_Gdata_HttpClient();
    
    // This sets your private key to be used to sign subsequent requests
    $client->setAuthSubPrivateKeyFile('/path/to/myrsakey.pem', null, true);

    $sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken(trim($singleUseToken), $client);
    // Set the long-lived session token for subsequent requests
    $client->setAuthSubToken($sessionToken);
  }
  return $client;
}
?>
Use this function like this:
$client = setupClient(@$_GET['token']);
if ($client) {
  // Query a feed
} else {
  exit(); // Just display the AuthSub link
}

Update: Read the new documentation on using AuthSub for PHP as well as all the other client libraries.

Secure AuthSub in PHP


A helper for sending a signed HTTP GET request in PHP.

// upgrade a single-use AuthSub token
$response = signedGET('https://www.google.com/accounts/AuthSubSessionToken', $singleUseToken);

// fetch Calendar data
$response = signedGET('http://www.google.com/calendar/feeds/default/allcalendars/full', $sessionToken);

<?php
function signedGET($requestURL, $token) { 
  $privKeyFilePath = "../myrsakey.pem";
  $timestamp = time();
  $nonce = md5(microtime() . mt_rand()); 
  $sigalg = 'rsa-sha1';
  
  // construct the data string
  $data = "GET $requestURL $timestamp $nonce";
  
  // get rsa private key
  $fp = fopen($privKeyFilePath, "r");  
  $priv_key = fread($fp, 8192);
  fclose($fp);                                

  // compute signature
  $privatekeyid = openssl_get_privatekey($priv_key);
  openssl_sign($data, $signature, $privatekeyid, OPENSSL_ALGO_SHA1);
  openssl_free_key($privatekeyid);

  $curl = curl_init($requestURL);
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($curl, CURLOPT_FAILONERROR, true);
  // Verify the server certificate; without this an interceptor can read the token and signature
  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
  
  // Set Authorization header 
  $sig = base64_encode($signature);
  curl_setopt($curl, CURLOPT_HTTPHEADER, array(
      "Authorization: AuthSub token=\"$token\" data=\"$data\" sig=\"$sig\" sigalg=\"$sigalg\"")
  ); 
  
  $result = curl_exec($curl);
  curl_close($curl);

  return $result;
}
?>
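Google, not your application, checks the header that signedGET() builds, but seeing the verification side makes clear what the timestamp and nonce in the data string buy you. The following is an added example, not code from the original post: a resource-server routine that parses an `Authorization: AuthSub ...` header, ties the data string to the actual request, rejects stale timestamps and replayed nonces, and checks the RSA-SHA1 signature against the uploaded public certificate. The certificate path and the `$seenNonces` store are assumptions.

```php
<?php
// Added example: server-side verification of a signed AuthSub request header.
// Assumes the client's public certificate is at ../myrsakey.crt (hypothetical path).

function parseAuthSubHeader($header) {
  // Header shape: AuthSub token="..." data="..." sig="..." sigalg="..."
  if (!preg_match_all('/(\w+)="([^"]*)"/', $header, $m, PREG_SET_ORDER)) {
    return null;
  }
  $fields = array();
  foreach ($m as $pair) { $fields[$pair[1]] = $pair[2]; }
  return $fields;
}

// Returns true on success, or a string describing why the request was rejected.
// $seenNonces is a caller-provided array used to block replays within the time window.
function verifySignedRequest($header, $method, $requestURL, $pubCertPath, &$seenNonces, $maxSkew = 300) {
  $f = parseAuthSubHeader($header);
  if (!$f || !isset($f['token'], $f['data'], $f['sig'], $f['sigalg'])) {
    return 'malformed header';
  }
  if ($f['sigalg'] !== 'rsa-sha1') {
    return 'unsupported sigalg';
  }
  // The signed data must be exactly "METHOD URL timestamp nonce" for *this* request,
  // otherwise a captured header could be reused against a different URL
  $parts = explode(' ', $f['data']);
  if (count($parts) !== 4 || $parts[0] !== $method || $parts[1] !== $requestURL) {
    return 'data string does not match request';
  }
  list(, , $timestamp, $nonce) = $parts;
  if (!ctype_digit($timestamp) || abs(time() - (int)$timestamp) > $maxSkew) {
    return 'timestamp outside allowed window';
  }
  if (isset($seenNonces[$nonce])) {
    return 'replayed nonce';
  }
  // openssl_pkey_get_public accepts a PEM X.509 certificate and extracts its public key
  $pubKey = openssl_pkey_get_public(file_get_contents($pubCertPath));
  if ($pubKey === false) {
    return 'cannot load public certificate';
  }
  if (openssl_verify($f['data'], base64_decode($f['sig']), $pubKey, OPENSSL_ALGO_SHA1) !== 1) {
    return 'bad signature';
  }
  $seenNonces[$nonce] = (int)$timestamp;  // remember the nonce for the rest of the window
  return true;
}
?>
```

Nonces only need to be remembered for `$maxSkew` seconds on either side of the current time, since anything older is already rejected by the timestamp check.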

AuthSub using PHP's libcurl



<?php
$secure = 0;
$session = 1;
$scope = 'http://www.google.com/calendar/feeds';
$next = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}";

$token = @$_GET['token'];  // only a single use token

if(!$token) {
 // scope and next go into a query string, so they must be URL-encoded
 echo "<a href=\"https://www.google.com/accounts/AuthSubRequest?scope=" . urlencode($scope) . "&session=$session&secure=$secure&next=" . urlencode($next) . "\">Sign in to Google</a>";
 exit;
}

$sessionToken = upgradeToken($token);
echo "Single use token: $token\n";
echo "Session token: $sessionToken";

// TODO: get a feed

function upgradeToken($token) {
  $ch = curl_init("https://www.google.com/accounts/AuthSubSessionToken");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_FAILONERROR, true);
  // Verify the server certificate; the single-use and session tokens travel in this exchange
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Authorization: AuthSub token="' . trim($token) . '"'
  ));

  $result = curl_exec($ch);
  curl_close($ch);

  // Response body is "Token=<session token>"; split() was removed in PHP 7, so use explode()
  $splitStr = explode("=", $result, 2);

  return trim($splitStr[1]);
}
?>

Signed AuthSub in Ruby


Example code for signing an AuthSub request in Ruby. Contributed by an awesome guy named Immad. Watch out for the groups linebreak in his line that starts with header =, though.