Using an OAuth access token to access SOAP service?
I'm currently trying to access a Google service via a Chrome extension. My understanding i开发者_运维问答s that for JS apps Google's preferred authentication mechanism is OAuth. My app currently successfully authenticates via OAuth to the service.
The preferred mechanism to query the service is via SOAP. However SOAP has it's own 'auth token' concept which is set in the body of the XML. I do not have a old-style 'ClientLogin' token to use per Google's docs.
How can I run SOAP queries using my OAuth-authenticated access token? Or should I be using different mechanism to query or authenticate?
Answering myself:
Authenticate to OAuth via the normal mechanism, ie, in JS:
var oauth = ChromeExOAuth.initBackgroundPage({
'request_url': 'https://www.google.com/accounts/OAuthGetRequestToken',
'authorize_url': 'https://www.google.com/accounts/OAuthAuthorizeToken',
'access_url': 'https://www.google.com/accounts/OAuthGetAccessToken',
'consumer_key': 'anonymous',
'consumer_secret': 'anonymous',
'scope': 'https://domain_for_your_api/',
'app_name': 'Your app name'
});
Then authenticate and run your SOAP requests as a callback:
function authenticateAndGetAlerts() {
oauth.authorize(runMyRequest);
}
The SOAP header is a smaller version of what's documented, omitting the fields that are only necessary for ClientLogin API.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://adwords.google.com/api/adwords/mcm/v201008" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201008" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<ns1:RequestHeader xsi:type="ns2:RequestHeader">
<ns2:developerToken>Your developer token</ns2:developerToken>
<ns2:userAgent>Your app name</ns2:userAgent>
</ns1:RequestHeader>
</SOAP-ENV:Header>
Body is per normal.
Then POST this using the appropriate method (oauth.sendSignedRequest in JS) that will add the required OAuth fields to the query string:
var request = {
'method': 'POST',
'body': soapenvelope
};
oauth.sendSignedRequest(url, callback, request);
Done. If you need to do the query manually rather than use sometong like sendSignedRequest, it looks like:
servicename.google.com/where/your/service/lives?oauth_consumer_key=anonymous&oauth_nonce=something&oauth_signature=something&oauth_signature_method=HMAC-SHA1&oauth_timestamp=something&oauth_token=something
TLDR: OAuth in query string, omit all auth info from SOAP header.
精彩评论