OAuth 2.0 for native applications

Following our previous post on OAuth 2.0 for web applications, we are now taking a look at how to use the OAuth 2.0 authentication protocol for native applications, presenting examples for the languages that we are supporting at the moment of writing: Java and Python.
Background

We strongly recommend reading Using OAuth 2.0 to Access Google APIs to learn about the Google implementations of OAuth 2.0 before proceeding with this post.
Java

The Google APIs Client Library for Java features a powerful and easy to use OAuth 2.0 library. We can take advantage of the existing GoogleOAuth2ThreeLeggedFlow helper class to easily perform our authentication flow.

First create an instance of GoogleOAuth2ThreeLeggedFlow, passing the following parameters to the constructor:

  • a key that will be used to associate this flow object with an end user
  • the Client ID for your application
  • the Client Secret for your application
  • the scope you are requesting access to (AdSense in your case)
  • the URI to redirect to
GoogleOAuth2ThreeLeggedFlow authFlow = new GoogleOAuth2ThreeLeggedFlow(
  userId, 
  "INSERT_CLIENT_ID_HERE", 
  "INSERT_CLIENT_SECRET_HERE", 
  "https://www.googleapis.com/auth/adsense", 
  "urn:ietf:wg:oauth:2.0:oob");

For native applications, we use a special redirect URI:

"urn:ietf:wg:oauth:2.0:oob"

The “oob” part stands for “out of band” and the rest of the string identifies it as a part of the OAuth 2.0 standard.

When we use this redirect URI, instead of redirecting the user’s browser to a page on our site with an authorization code, Google will display a page and the authorization code or error response in the title of the page. A text field contained in the page will show instructions for the user to copy and paste it into our application.

To start the flow, let’s ask the user to load the authorization URL in their browser:

System.out.println(“Please input authorization code: ”);
Scanner in = new Scanner(System.in);
String authorizationCode = in.nextLine();

The last step is to use the authorization code to obtain an access token.

First you’ll need to initialize a transport for communication with the Authorization server and a factory for handling JSON, as the access token will be returned as a JSON object:

JsonFactory factory = new JacksonFactory();
HttpTransport transport = new NetHttpTransport();
authFlow.setHttpTransport(transport);
authFlow.setJsonFactory(factory);

Now you can finalize the authentication flow by obtaining credentials for your user, and then use those credentials to create the Adsense helper object and then send your signed requests to the API:

Credential credential = authFlow.complete(authorizationCode);
Adsense adsense = new Adsense(transport, credential, factory);
AdClients adClients = adsense.adclients.list().execute();

Python

The home of the Google APIs Client Library for Python is also the home of OAuth2Client, a library designed for connecting to resources protected by OAuth 2.0.

First create an OAuth2WebServerFlow object, passing the following parameters to the constructor:

  • the Client ID for your application
  • the Client Secret for your application
  • the scope you are requesting access to (AdSense in your case)
  • an HTTP User-Agent to identify this application
flow = OAuth2WebServerFlow(
  client_id='INSERT_CLIENT_ID_HERE',
  client_secret='INSERT_CLIENT_SECRET_HERE',
  scope='https://www.googleapis.com/auth/adsense',
  user_agent='your-beautiful-python-app/1.0')

We can perform the authentication calling the ‘run’ function imported from oauth2client.tools, storing the authentication data using a Storage object:

storage = Storage(‘adsense.dat’);
credentials = run(flow, storage);

If the flag ‘auth_local_webserver’ is raised (the default setting), oauth2client.tools will open the authentication URL on a running browser or on the system default browser. After the user performs the authentication, the authorization code will be read from the title of the page shown in the browser. If you don’t want this behaviour, you can disable it like this:

import gflags
gflags.FLAGS.auth_local_webserver = False

In this way we’ll have a flow similar to the one that we have seen in Java: the user will be asked to open the authentication URL in a browser window and then to copy and paste the authorization code back in the application. The only difference is that oauth2client.tools will take care of printing these messages and read the input from the user for us.

The last step is create an httplib2.Http object, authorize it with the previously obtained credentials and then send a request to the API:

http = httplib2.Http()
http = credentials.authorize(http)
service = build(‘adsense’, ‘v1’, http=http)
result = service.adclients().list().execute()

Cool! But I want to know more!

In this post we have seen examples of how to authenticate your native application using the Google implementation of the OAuth 2.0 protocol and the libraries that we are providing to simplify all of the tasks involved.

Now that we know how to perform authentication for both web and native applications, in my next post we are going to see different ways of storing the authentication data.

SketchUp: U.S. Green Building Council’s headquarters

 

You could call our friends at Igloo Studios “multi-taskers”. While they mainly concentrate on creating products and plugins for designers and architects, they also have a podcast, a SketchUp training program and a popular book.

Their latest project is a virtual tour of the U.S. Green Building Council’s headquarters in Washington, D.C. (Note: you’ll need the Google Earth plugin installed to view).

This project is cool for lots of reasons. For starters, USGBC’s 75,000-square-foot facility is loaded with efficient and innovative green features that have earned the building a LEED Platinum rating. Professionals regularly tour the USGBC for real-world examples of successful green practices.

 

However, not everyone has the luxury of being able to visit Washington DC, so Igloo Studios built this one-of-a-kind Google Earth tour of the building. Using a custom instance of the Google Earth plugin and building product catalogs from the 3D Warehouse, Igloo was able to create a tour of both the exterior and interior of the building! 

As you navigate through the 3D building, you’ll notice it’s jam-packed with other goodies like a guided audio tour, photos and embedded videos. You can even click on the building’s materials and products to learn more about the green tech used in its construction.Once you finish the tour, you can launch a test that will earn you the same continuing education credits that you would get for taking the live tour.

And the coolest feature of all: if you find a building product during the tour that might be useful in one of your projects, you can download it directly into your SketchUp design!

 

Learn about building materials and then bring them into your model 

If you’re interested in learning more about how your products or buildings can be visualized in this way.

The SketchUp Halloween Challenge

With Halloween just a few weeks away, nerds here in the Google Boulder office are in a tizzy about their costumes. We take this particular holiday very seriously.

A haunted house I modeled years ago, with two pumpkins by IDW. He modeled them for SketchUp Island’s Pumpkin Patch collection on the 3D Warehouse.

 

This year, we thought it might be fun to host a SketchUp Halloween Challenge for folks who are looking for something to do in their spare time. The nitty gritty:

Categories

There are two: Use SketchUp to model either a jack-o’-lantern or a haunted house. Or both.

How to submit an entry

  1. Upload your model to the 3D Warehouse and make sure it’s publicly-downloadable.
  2. Upload between two and ten images of your model to a public photo sharing site like Picasaweb. You can use any photo sharing site you like, but make sure your images are grouped into an album by themselves. Images should be at least 1000 pixels wide or tall, depending on their orientation.
  3. Fill out the Challenge Submission Form, including links to both your model on the 3D Warehouse and your album of online images.

Judging

On Friday, October 28th, a group of us from the SketchUp team will get together to review the entries. We’ll be looking mostly at the images you submit; models will be examined when we’re picking the top three entries in each category. For an idea of what we’ll be looking for, consider these points:

  • Displays of SketchUp expertise are always impressive.
  • Anything that makes us say (out loud) “How’d he/she DO that?!!” is worth extra points.
  • We don’t want to see anything you wouldn’t show your grandma or your kids.
  • Beverages will almost certainly be involved in the judging process.

Multiple Entries

Submit as many models as you like, but fill out a separate entry form for each one. The more the ghastlier!

Rendering Rules

You can (if you like) include photo-rendered images of your model with the images you submit. You have to have at least one unrendered image, though; we’d like to see your work in its purest, SketchUp-only state.

Deadline

The deadline for submissions is 11:59 PM PST on Thursday, October 27th 2011.

Prizes

For fun little modeling challenges like this one, we prefer to keep things simple. Instead of prizes, we’ll publish our favorite entries right here on this blog, on October 31st. The best three models from each of the two categories (pumpkins and houses) will be featured in the November edition of the SketchUpdate newsletter, which goes to millions of people around the world.

Why no fancier prizes? When companies host big, international competitions, it takes months for their lawyers to figure everything out. On top of that, people from certain places (like Quebec and Brazil) end up being excluded because of specific laws that apply only to them. Ugh.

Other Stuff

If you’d like a blank pumpkin to start with, this collection contains a few. Other questions about the Challenge? Please ask ‘em in the Comments for this post.