Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(127)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 6063052: Remove OAuth 1.0 support. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
13 years, 3 months ago by jcgregorio_google
Modified:
12 years, 11 months ago
Reviewers:
aiuto, naktinis, sandipshah
CC:
google-api-python-client_googlegroups.com
Visibility:
Public.

Patch Set 1 #

Patch Set 2 : refresh only docs that need to be refreshed. #

Patch Set 3 : more removals #

Patch Set 4 : don't update api specific docs #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -2294 lines) Patch
M Makefile View 1 chunk +1 line, -1 line 0 comments Download
R apiclient/ext/appengine.py View 1 chunk +0 lines, -135 lines 0 comments Download
R apiclient/ext/authtools.py View 1 chunk +0 lines, -159 lines 0 comments Download
R apiclient/ext/django_orm.py View 1 chunk +0 lines, -56 lines 0 comments Download
R apiclient/ext/file.py View 1 chunk +0 lines, -63 lines 0 comments Download
R apiclient/oauth.py View 1 chunk +0 lines, -443 lines 0 comments Download
M bin/enable-app-engine-project View 1 chunk +0 lines, -1 line 0 comments Download
R docs/apiclient.ext.appengine.html View 1 1 chunk +0 lines, -299 lines 0 comments Download
R docs/apiclient.ext.authtools.html View 1 1 chunk +0 lines, -65 lines 0 comments Download
R docs/apiclient.ext.django_orm.html View 1 1 chunk +0 lines, -249 lines 0 comments Download
R docs/apiclient.ext.file.html View 1 1 chunk +0 lines, -127 lines 0 comments Download
R docs/apiclient.oauth.html View 1 2 1 chunk +0 lines, -616 lines 0 comments Download
M runtests.sh View 1 chunk +0 lines, -1 line 0 comments Download
M setup.py View 1 chunk +0 lines, -1 line 0 comments Download
R tests/test_oauth.py View 1 chunk +0 lines, -78 lines 0 comments Download

Messages

Total messages: 10
jcgregorio_google
13 years, 3 months ago (2012-04-19 15:23:43 UTC) #1
aiuto
lgtm
13 years, 3 months ago (2012-04-22 02:21:14 UTC) #2
sandipshah
Hi Joe / Tony, I am using the google-api-client 1.0b9 with a service account. Everything ...
13 years, 3 months ago (2012-04-25 20:25:03 UTC) #3
jcgregorio_google
Committed at http://code.google.com/p/google-api-python-client/source/detail?r=f05a47e9e4439ed959cd967937554b65c53683f5 > On Saturday, April 21, 2012 7:21:14 PM UTC-7, Tony Aiuto wrote: ...
13 years, 3 months ago (2012-04-30 19:59:07 UTC) #4
naktinis
Since OAuthCredentials class and OAuth 1.0 support is removed, how do I use the existing ...
12 years, 11 months ago (2012-08-07 00:15:45 UTC) #5
jcgregorio_google
You will need to get a new client_id and client_secret from the APIs Console: https://developers.google.com/api-client-library/python/guide/aaa_oauth ...
12 years, 11 months ago (2012-08-07 01:05:19 UTC) #6
naktinis
My question was about token key and secret, not about client id and secret. Essentially ...
12 years, 11 months ago (2012-08-07 05:57:05 UTC) #7
jcgregorio_google
OAuth 1.0 is officially deprecated: https://developers.google.com/accounts/docs/RegistrationForWebAppsAuto It didn't make sense to keep OAuth 1.0 support ...
12 years, 11 months ago (2012-08-07 14:46:25 UTC) #8
naktinis
Thanks for the explanation. I am already migrating new users to OAuth 2.0. I just ...
12 years, 11 months ago (2012-08-07 17:31:01 UTC) #9
sandipshah
12 years, 11 months ago (2012-08-17 15:37:27 UTC) #10 
Hi,

What I am saying may not matter to this particular discussion.

I was debugging some 'calendar' code and had to look into what the client
code was doing.  The code that runs in the client seems to be not included
in the files that are downloaded with the client.  The code files that are
downloaded with the client are run, and then they in turn download the code
that will run to provide the services that are requested (yes, I know my
expression is not accurate in terms of computer science lingo).

In a certain sense, this makes Google's developers lives easier as no "new"
versions of client libraries need to be released upfront.  Things can keep
on changing in the background that most people would not be aware of, and
most need not be aware of.

And I am not a Python guru, but I am seeing structures that I have not seen
anywhere else.  In the 'live code', I am seeing objects defined with
methods within methods.  Until I saw that code, I was not aware that a
compiler would even allow such structures.

Unless my debugger (Eclipse with Python 2.7.3) is messed up ... or I was
smoking something, this is pretty revolutionary.

As a developer myself, this is a nightmare.

Sandip

On Tue, Aug 7, 2012 at 10:31 AM, <naktinis@gmail.com> wrote:

> Thanks for the explanation.
>
> I am already migrating new users to OAuth 2.0. I just thought it was a
> bit too early to wipe the OAuth 1.0 code altogether.
>
> But if you are not to keep backwards-compatibility for any longer, I
> can't do much about it. Just thought there would be some sensible option
> prepared for users such as myself.
>
>
> On 2012/08/07 14:46:25, jcgregorio_google wrote:
>
>> OAuth 1.0 is officially deprecated:
>>
>
>
>
https://developers.google.com/**accounts/docs/**RegistrationForWebAppsAuto<ht...
>
>  It didn't make sense to keep OAuth 1.0 support in the
>>
> google-api-python-client,
>
>> as the library will be going to GA soon, and it doesn't make sense to
>>
> go to GA
>
>> supporting a technology that's already deprecated.
>>
>
>  You can always apply this patch in reverse to add back the OAuth 1.0
>>
> support,
>
>> but there is no guarantee the google-api-python-client library will
>>
> remain
>
>> compatible, nor would the code be supported, but it might be a short
>>
> term step
>
>> you could take on the way to migrating to OAuth 2.0.
>>
>
>  On 2012/08/07 05:57:05, naktinis wrote:
>> > My question was about token key and secret, not about client id and
>>
> secret.
>
>> >
>> > Essentially I am asking whether you plan to keep backwards
>>
> compatibility in
>
>> your
>> > Python library code. Because OAuth 1.0 requests to Google services
>>
> clearly
>
>> still
>> > work. However, I can't seem to find how your Python library allows
>>
> for that.
>
>> >
>> > The old library (namely OAuthCredentials) took Token objects
>>
> (essentially a
>
>> pair
>> > of token_key and token_secret), created a HMAC_SHA1 signature and
>>
> added a
>
>> header
>> > similar to 'Authorization: OAuth realm="<realm>",
>> > oauth_consumer_key="<oauth_**consumer>", oauth_token="<oauth_token>"
>>
> ...' Well,
>
>> > the OAuth 1.0 way.
>> >
>> > The new library (namely OAuth2Credentials, and there is no
>>
> OAuth1Credentials)
>
>> > can only perform OAuth 2.0 requests with "Bearer: ..." headers.
>> >
>> > The other Google API library - gdata - supports both OAuth 1.0 and
>>
> OAuth 2.0
>
>> > requests, using OAuthHmacToken and OAuth2Token classes
>> >
>>
>
> (http://code.google.com/p/**gdata-python-client/source/**
>
browse/src/gdata/gauth.py<http://code.google.com/p/gdata-python-client/source/browse/src/gdata/gauth.py>
> ).
>
>> >
>> > Since I know OAuth 1.0 requests still work on Google APIs, and since
>>
> I have
>
>> > loads of OAuth 1.0 (token_key, token_secret) pairs, and since I know
>>
> OAuth 1.0
>
>> > is implemented in the other Python API library. My question is
>>
> whether it
>
>> could
>> > be possible to have "google-api-python-client" backwards compatible
>>
> with OAuth
>
>> > 1.0 for some time, so I wouldn't need to annoy my users forcing them
>>
> to
>
>> > authorize the app again, and wouldn't need to resort to nasty hacks
>>
> signing
>
>> the
>> > requests without your library :)
>> >
>> > On 2012/08/07 01:05:19, jcgregorio_google wrote:
>> > > You will need to get a new client_id and client_secret from the
>>
> APIs
>
>> Console:
>> > >
>> > >
>>
> https://developers.google.com/**api-client-library/python/**
>
guide/aaa_oauth<https://developers.google.com/api-client-library/python/guide/aaa_oauth>
>
>> > >
>> > > On 2012/08/07 00:15:45, naktinis wrote:
>> > > > Since OAuthCredentials class and OAuth 1.0 support is removed,
>>
> how do I
>
>> use
>> > > the
>> > > > existing (token_key, token_secret) pairs to access the data
>>
> using the new
>
>> > > > "google-api-client" code?
>> > > >
>> > > > On 2012/04/30 19:59:07, jcgregorio_google wrote:
>> > > > > Committed at
>> > > > >
>> > > >
>> > >
>> >
>>
>
> http://code.google.com/p/**google-api-python-client/**source/detail?r=**
>
f05a47e9e4439ed959cd967937554b**65c53683f5<http://code.google.com/p/google-api-python-client/source/detail?r=f05a47e9e4439ed959cd967937554b65c53683f5>
>
>> > > > >
>> > > > > > On Saturday, April 21, 2012 7:21:14 PM UTC-7, Tony Aiuto
>>
> wrote:
>
>> > > > > > >
>> > > > > > > lgtm
>> > > > > > >
>> > > > > > >
http://codereview.appspot.com/**6063052/<http://codereview.appspot.com/6063052/>
>> > > > > > >
>>
>
>
>
>
http://codereview.appspot.com/**6063052/<http://codereview.appspot.com/6063052/>
>
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b