3

I am trying to get a glass access token to post to the glass timeline from within an android application. the user is able to select some information and send that to his glass device.

String token = GoogleAuthUtil.getToken(activity, mEmail, activity.getString(R.string.glass_token_scope));

where mEmail is the google glass user's Google Account email, and scope is:

oauth2:https://www.googleapis.com/auth/glass.timeline https://www.googleapis.com/auth/glass.location https://www.googleapis.com/auth/userinfo.profile

(oauth2: ...)

I am using the Google AuthUtil and it does return an access token, too. But when I use the access token, the API responds with 401 Unauthorized:

D/demo    (10804): Response Code: 401
D/demo    (10804): {
D/demo    (10804):  "error": {
D/demo    (10804):   "errors": [
D/demo    (10804):    {
D/demo    (10804):     "domain": "global",
D/demo    (10804):     "reason": "authError",
D/demo    (10804):     "message": "Invalid Credentials",
D/demo    (10804):     "locationType": "header",
D/demo    (10804):     "location": "Authorization"
D/demo    (10804):    }
D/demo    (10804):   ],
D/demo    (10804):   "code": 401,
D/demo    (10804):   "message": "Invalid Credentials"
D/demo    (10804):  }
D/demo    (10804): }

I've successfully also setup the server-side Oauth2 flow and with the resulting access token I can successfully create a timeline post from a a little local script.

It really seems that the access token returned from the Android Authutil cannot be used with the Glass Mirror API. I checked back to the Google APIs console and see that you can create some Android specific client ids. So I created a client ID for an androdi application and also setup the simple API access for android. For the SHA1 fingerprint I used the debug certificate's SHA1.

Has anyone succeeded on getting a Glass token on Android and has been successfully making a request from the android phone with that token?

For the actual request I using a plain HttpURLConnection - could that be the issue?

        HttpURLConnection con = (HttpURLConnection)new URL(URI_TIMELINE).openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Authorization", "Bearer " + token);
        con.setRequestProperty("Content-Type", "application/json");
        con.getOutputStream().write(content.toString().getBytes("UTF-8"));

Thx!

Alain
  • 6,044
  • 21
  • 27
Sven Haiges
  • 2,636
  • 5
  • 42
  • 54

1 Answers1

1

In order to get a valid OAuth 2.0 token on Android, you will need to use the Google Play Services APIs, especially the GoogleAuthUtil class.

You will also need to register your certificate on the APIs Console; I would suggest checking out the Drive SDK Quickstart for Android that describes those steps.

Alain
  • 6,044
  • 21
  • 27
  • Hi Alain, I am using the GoogleAuthUtil class -you can see it in the code snipped I posted. I also get an access token, all works so far. but when I use this access token, which was created using the correct glass scopes, I get a 401 Not Authorized from the server. – Sven Haiges Jul 22 '13 at 11:56
  • I have now switched to the server side - e.g. I pass an identifier in a call to a private proxy server and the proxy server (app engine) performs the call against the google mirror api. It works... – Sven Haiges Jul 22 '13 at 11:57
  • I've also created a oauth2 cleint id and used the settings form "installed application" - I also added the package name and the sha1 fingerprint. I guess the problem is that I then perform "manual" REST API calls. In those calls, I nowhere do set the SHA1 Fingerprint for example. I assume the Google APIs do this automtically. Is there a way to do this manually? I want to use the REST api myself, I don't want to use a provided API that does many things without my control. – Sven Haiges Jul 22 '13 at 12:02
  • Once you get the token from GoogleAuthUtil, you should be set to use it the way you want. You can also try to [validate your token](https://developers.google.com/accounts/docs/OAuth2UserAgent#validatetoken) to make sure it was issued for your Android app and not a generic app. – Alain Jul 22 '13 at 15:54