I have been trying to learn OAuth (1.0) and have been testing my code by trying to access my contacts on Google. This is easy because I don't have to set up a friend/consumer relationship (Google just allows anonymous/anonymous for the consumer token) and because Google has the OAuth Playground to help me along.

So I set my code up as follows to go to

Everything seemed to be going well - I got the request token alright, authorized it fine, and was able to get an access token. I then tried to make a request to https://www.google.com/m8/feeds/contacts/default/full/

Only problem was, I kept getting this error: "401: AuthSub token has wrong scope"

I was confused by this because when I made the same request with the same consumer information in the OAuth Playground ( http://googlecodesamples.com/oauth_playground/index.php ) everything would work out alright.

Eventually, I found the following question: HTTP/1.1 401 Token invalid - AuthSub token has wrong scope

The top answer led me to my solution - there was code in one of the JARs I was using that was written to always set the port to 443 for https or 80 for http. When I stepped through my code and changed the port to -1, my request worked out fine and I was able to get the information I wanted.

Unfortunately, I'm not able to change the code in the JAR file, so I'm going to have to fix things on my end. In the answer to that question, 'Jonathan' said:

Another workaround would be to include the :443 in the token scope; it just has to match

I tried changing my request token query string to ?scope=https%3A%2F%2Fwww.google.com**%3A443**%2Fm8%2Ffeeds%2F and Google just refused to give me a request token - it gave me a 400 error saying "Invalid scope: https://www.google.com:443/m8/feeds/". Changing https to http didn't do anything. How would I do what Jonathan (who hasn't been online in almost a year) suggested?

Andrew Latham
  • Which jars are you using that automatically append the port? It seems like that's the part that's tripping you up... – Jason Hall Sep 13 '12 at 21:59
  • That is the part that's tripping me up, but there's no way around that. I have to work with it, somehow, and need to understand how to do that. – Andrew Latham Sep 13 '12 at 22:11

1 Answer

The fact that Google's auth scopes are URLs is basically academic -- they aren't actually serving anything useful (see for yourself), so adding a port just confuses Google. So Jonathan was incorrect in his suggestion.

The only reason they even look like URLs is so that they could be expected to be universally unique (even this is only arguably true).

So don't put the :443 in your auth scope.

Jason Hall
  • Interesting; however, I originally had my auth scope without the :443, but then I was getting the 401 error. I noticed you work at Google, could you maybe tell me more about what Google does with the scope so I can try to understand how I need to configure it in my particular case? – Andrew Latham Sep 13 '12 at 22:15
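
The mismatch described in the question, where a library forces `:443` onto the request URL while the scope has no port, can be reproduced and normalized away with `java.net.URI`. This is an added example, not code from the post or from any OAuth library: the class and method names are hypothetical, the URLs are the ones quoted in the question plus one constructed control case, and the prefix comparison is an assumption used to illustrate "it just has to match", not Google's actual scope check.

```java
import java.net.URI;

public class DefaultPortDemo {
    // Default port per scheme; RFC 5849 section 3.4.1.2 leaves these out of the
    // URI an OAuth 1.0 client signs.
    static int defaultPort(String scheme) {
        if ("https".equalsIgnoreCase(scheme)) return 443;
        if ("http".equalsIgnoreCase(scheme)) return 80;
        return -1;
    }

    // Drop an explicit port only when it is the scheme default. Raw components
    // are reused so percent-encoding in the path and query is left untouched.
    static URI stripDefaultPort(URI u) {
        if (u.getHost() == null || u.getPort() == -1
                || u.getPort() != defaultPort(u.getScheme())) {
            return u;
        }
        StringBuilder sb = new StringBuilder(u.getScheme()).append("://");
        if (u.getRawUserInfo() != null) sb.append(u.getRawUserInfo()).append('@');
        sb.append(u.getHost());
        if (u.getRawPath() != null) sb.append(u.getRawPath());
        if (u.getRawQuery() != null) sb.append('?').append(u.getRawQuery());
        if (u.getRawFragment() != null) sb.append('#').append(u.getRawFragment());
        return URI.create(sb.toString());
    }

    // Assumption: "the URL has to match the scope" modelled as a prefix test.
    static boolean underScope(URI request, String scope) {
        return request.toString().startsWith(scope);
    }

    public static void main(String[] args) {
        String scope = "https://www.google.com/m8/feeds/";
        // What the library builds, per the question: port forced to 443.
        URI forced = URI.create("https://www.google.com:443/m8/feeds/contacts/default/full/");
        // Constructed control case: a non-default port must survive.
        URI custom = URI.create("https://www.google.com:8443/m8/feeds/");

        System.out.println(forced + " under scope: " + underScope(forced, scope));
        URI fixed = stripDefaultPort(forced);
        System.out.println(fixed + " under scope: " + underScope(fixed, scope));
        System.out.println(custom + " unchanged: " + custom.equals(stripDefaultPort(custom)));
    }
}
```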