Why might Google Fusion Tables sqlGet queries stop working after Google+ sign-in through gapi.auth?
I'm writing a page that uses OAuth 2.0 via gapi.auth.authorize to authenticate a Google+ user, and gapi.client.request to run Google Fusion Tables sqlGet queries. I find that the queries run fine before authentication, but fail with a 403 "Insufficient Permission" error when run more than 30 seconds after authentication.
The problem is demonstrated on this page: https://googledrive.com/host/0b5urq1jzb1myswlou3nty2m4qnc/test3b.htm
Please follow these steps:
1. Click "Query" to run a gapi.client.request Google Fusion Table sql-get query that returns a count of rows. It runs fine until OAuth is used in steps 2 and 3.
2. Click "Start OAuth" to run an immediate:true authorization against Google+. If you are signed in to Google+, your user name and id are displayed in the third button.
3. If the Google+ user name is not displayed in the third button, click that button ("Authorize") and sign in to Google+.
4. Click the "Query" button again. The query runs without error when pressed within 30 seconds of the OAuth authorization. After that, the query fails with a 403 error. Why?
Here is the source of the demo page:
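<!doctype html>
<html>
<head>
  <meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1.0, maximum-scale=1.0" />
  <title>test3b</title>
  <style type="text/css"> </style>
  <script src="scripts/jquery-1.10.2.min.js" type="text/javascript"></script>
  <script type="text/javascript">
    // Demo page: runs Fusion Tables sql-get queries through gapi.client.request
    // before and after a Google+ sign-in done with gapi.auth.authorize.
    //
    // start() wires the buttons only once BOTH the DOM (jQuery ready) and the
    // gapi client (client.js ?onload callback) are available; whichever of the
    // two events fires last is the one that actually runs start().
    var g_domisready = false;
    var g_gapiisready = false;

    $(function () {
      log("@$(function())");
      g_domisready = true;
      start();
    });

    // Called by client.js via the "?onload=gapiisready" query parameter on the
    // script tag at the bottom of <head>; the name must match that parameter.
    function gapiisready() {
      log("@gapiisready");
      g_gapiisready = true;
      start();
    }

    function start() {
      // Make sure both gapi.client and the DOM (per jQuery) are ready.
      if (!(g_gapiisready && g_domisready)) return;

      // Define members.
      log("@start - gapi and dom ready");
      // Browser API key. It is readable by anyone who loads this page, so it
      // must be treated as public and restricted (allowed referrers / enabled
      // APIs) in the developer console rather than relied on as a secret.
      var m_apikey = "aizasyavb0nhqmwypbmjrtz2zrl4wtivjzdiois"; // points to the google account (including google drive) at paloalto@geodesy.net.
      var m_clientid = "868768273487-q295tdfr54uvo98v74891qakcr9ci0pf.apps.googleusercontent.com";
      // Only the plus.me scope is requested: the resulting access token grants
      // nothing for Fusion Tables.
      var m_scopes = "https://www.googleapis.com/auth/plus.me";

      // Wire buttons.
      var querybutton = document.getElementById('query-button');
      querybutton.onclick = function () {
        rungetrequest();
        return false;
      };
      var startoauthbutton = document.getElementById('startoauth-button');
      startoauthbutton.onclick = function () {
        startoauth();
        return false;
      };

      // Set up gapi.
      gapi.client.setApiKey(m_apikey);

      //----------------------------------------------------------------------------
      // gapi.client.request query functions.
      //----------------------------------------------------------------------------

      // Issue a Fusion Tables sql-get query (row count) and hand the JSON
      // response to jsoncallback.
      function rungetrequest() {
        log("@rungetrequest");
        var tableid = "1vzgvkyuh9uhxkqawpxg1mu8alo8mngl-sx7sp74"; // tr_tree_e
        // The table id is a constant here; if it ever came from user input it
        // would have to be validated before being concatenated into SQL text.
        var sql = "select count(gid) from " + tableid + " where gid > 50000";
        var path = "/fusiontables/v1/query";
        // Per the answer on this page, gapi.client adds key=<api key> to the
        // request and, once a user has signed in, also attaches that user's
        // bearer token - whose plus.me scope does not cover Fusion Tables.
        var restrequest = gapi.client.request({ path: path, params: { 'sql': sql } });
        restrequest.execute(jsoncallback);
      }

      // Show the raw JSON response (success or error body) in the log and an alert.
      function jsoncallback(json) {
        log("@jsoncallback");
        var output = JSON.stringify(json);
        log(output);
        alert(output);
      }

      //----------------------------------------------------------------------------
      // oauth functions.
      //----------------------------------------------------------------------------

      // Attempt a silent (immediate:true) Google+ authorization; on failure,
      // turn the "authorize" button into an interactive sign-in trigger.
      function startoauth() {
        log("@startoauth");
        var authorizebutton = document.getElementById('authorize-button');
        window.setTimeout(checkauth, 1); // check auth in 1 ms

        function checkauth() {
          log("@checkauth");
          // immediate:true = reuse an existing session without a consent popup.
          gapi.auth.authorize({ client_id: m_clientid, scope: m_scopes, immediate: true }, handleauthresult);
        }

        function handleauthresult(authresult) {
          log("@handleauthresult");
          if (authresult && !authresult.error) {
            log("@handleauthresult - authresult=true");
            // authresult is the token (with a 3600 second expiration). Note
            // this writes the access token to the console - acceptable for a
            // demo, but not something to keep in a production page.
            log(authresult);
            authorizebutton.disabled = true;
            useauthresults();
          } else {
            log("@handleauthresult - authresult=false");
            authorizebutton.disabled = false;
            authorizebutton.onclick = handleauthclick;
          }
        }

        // Interactive (immediate:false) authorization, i.e. the consent popup.
        function handleauthclick() {
          log("@handleauthclick");
          gapi.auth.authorize({ client_id: m_clientid, scope: m_scopes, immediate: false }, handleauthresult);
          return false;
        }

        // Fetch the signed-in Google+ user's id and name (member info) and
        // show them on the "authorize" button.
        function useauthresults() {
          log("@useauthresults");
          gapi.client.load('plus', 'v1', function () {
            log("@gapi.client.load callback");
            var request = gapi.client.plus.people.get({ 'userId': 'me' });
            request.execute(function (ainfo) {
              log("@request.execute callback");
              if (ainfo.code !== undefined) {
                alert('google+ api returned ' + ainfo.code + ': ' + ainfo.message);
              } else {
                // Here on a successful sign-in. Display the user name.
                log('google+ user id, name: ' + ainfo.id + ', ' + ainfo.displayName);
                authorizebutton.value = ainfo.displayName + " +" + ainfo.id;
              }
            });
          });
        }
      }
    }

    // Console logger that tolerates browsers where no console object exists:
    // a bare `if (console)` would throw a ReferenceError there instead of
    // evaluating falsy, so the check goes through window.
    function log(msg) {
      if (window.console && window.console.log) window.console.log(msg);
    }
  </script>
  <script src="https://apis.google.com/js/client.js?onload=gapiisready" type="text/javascript"></script>
</head>
<body>
  <h1>test3a</h1>
  <p>this pages demonstrates problem having using gapi.client.request gapi.auth.</p>
  <input type="button" id="query-button" value="query"><br>
  <input type="button" id="startoauth-button" value="start oauth"><br>
  <input type="button" id="authorize-button" value="authorize"><br>
  <p>steps...</p>
  <p>1. click "query" run gapi.client.request google fusion table sql-get query returning count of rows. run until oauth used in steps 2 , 3.</p>
  <p>2. click "start oauth" run immediate:true authorization against google+. if signed google+, user name displayed in third button.</p>
  <p>3. if google+ user name not displayed in third button, press ("authorize") , sign google+.</p>
  <p>4. click "query" button again. query run without error when pressed within 30 seconds of oauth authorization. after that, query fails 403 error. why?</p>
</body>
</html>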
Please note that I intend to use Google+ sign-in to track page usage by specific users, not to enable the Fusion Tables queries.
I'm new to OAuth and gapi.client.request, so this may be a simple misunderstanding on my part.
Any insights?
I don't have all the answers for you, but here is what I think may help:
Before you have the user sign in to G+, the gapi.client.request object is adding a "key=YOURAPIKEY" parameter to each request.
After you have the user sign in to G+, the gapi.client.request object is adding the "key=YOURAPIKEY" parameter to each request and is also sending an "Authorization: Bearer ya.xxxxxx" header with each request, representing the access token of the user who is logged in.
I think the reason you're seeing the 403 is that an access token is being sent to the server, but that token does not include a scope authorizing access to the Fusion Tables data. When no access token is sent, that validation is not performed.
If you wanted to access data the user owned, you would need to have the user consent to giving your application access to that data, by including the appropriate scope in the gapi.auth.authorize call (e.g. "https://www.googleapis.com/auth/fusiontables").
However, since I don't think you are trying to access data on behalf of a specific user, I think you want to prevent the "Authorization" header from being sent at all during calls to the Fusion Tables API.
I can't see an easy way to prevent the gapi.client.request library from sending that header when the user is logged in, so an alternate solution might be to build the HTTP request without the gapi.client.request library (e.g. use XMLHttpRequest directly) and manually include "key=YOURAPIKEY" in each request.
(What I can't explain is why you're seeing 30 seconds of differing behavior...)