OAuth 1.0 Tokens with the Python Client Library


The OAuth Playground is a great tool to learn how the OAuth flow works. But at the same time it can be used to generate a “long-lived” access token that can be stored, and used later by applications to access data through calls to APIs. These tokens can be used to make command line tools or to run batch jobs.

In this example, I will be using this token and making calls to the Google Provisioning API using the Python client library for Google Data APIs. But the following method can be used for any of the Google Data APIs. This method requires the token is pushed on the token_store, which is list of all the tokens that get generated in the process of using Python client libraries. In general, the library takes care of it. But in cases where it’s easier to request a token out of band, it can be a useful technique.

Step 1: Generate an Access token using the OAuth Playground.
Go through the following process on the OAuth Playground interface:

  • Choose scope(s) of every API you want to use in your application (https://apps-apis.google.com/a/feeds/user/ for the Provisioning API) . Here you can also add scopes which are not visible in the list.
  • Choose an encryption method that is the signature method to encode your consumer credentials. (“HMAC-SHA1” is the most common)
  • Enter your consumer_key and consumer_secret in the respective text fields. The consumer_key identifies your domain and is unique to each domain.

After entering all the required details you need to press these buttons on the OAuth Playground in sequence:

  • Request token: This will call Google’s OAuth server to issue you a request token.
  • Authorize: This will then redirect you to the authorization URL where you can authorize or deny access. At this point if you deny the access you will not be able to generate the Access token. Accepting this will convert the Request token generated in the last step into an Authorized Request token.
  • Access token: Finally, this step will exchange the authorized Request token for an Access token.

After the last step the text field captioned auth_token in the OAuth Playground has the required Access token and that captioned access_token_secret has the corresponding token secret to be used later.

Step 2: Use the above token when making calls to the API using a Python Client Library.

Here is an example in Python which uses the OAuth access token that was generated from OAuth Playground to retrieve data for a user.

SIG_METHOD = gdata.auth.OAuthSignatureMethod.HMAC_SHA1

DOMAIN = “your_domain”

client = gdata.apps.service.AppsService(source=”app”, domain=DOMAIN)
client.SetOAuthInputParameters(SIG_METHOD, CONSUMER_KEY, consumer_secret=CONSUMER_SECRET)
temp_token = gdata.auth.OAuthToken(key=TOKEN, secret=TOKEN_SECRET);
temp_token.oauth_input_params = client.GetOAuthInputParameters()
#Make the API calls
user_info = client.RetrieveUser(“username”)

It is important to explicitly set the input parameters as shown above. Whenever you call SetOuthToken it creates a new token and pushes it into the token_store. That becomes the current token. Even if you call SetOauthToken and SetOAuthInputParameters back to back, it won’t set the input params for the token you set.

Help your customers stay in touch with Google Contacts

A while back we began a series of articles about integrating with Google Apps and the Google Apps Marketplace, starting with how to make a great first impression on your users. Today we’re continuing that series with an eye on collaboration and the various “people” APIs in Google Apps — Contacts, Shared Contacts, Profiles, and Provisioning.

Why contacts? Contacts data is used pervasively and makes it easier to share documents, arrange meetings, or communicate in general. It’s synced with mobile phones & email clients. Many apps in the Google Apps Marketplace use contacts to help users share projects and assign tasks to coworkers. In short, the contacts APIs act as a hub for applications and devices to share important information about the people users communicate and collaborate with the most!

Untangling the APIs

Before jumping in to how to use these APIs to make work easier for users, let’s take a step back and look at the role of each API.

Contacts API – This API provides access to an individual user’s personal contacts & is available to all users on all editions of Google Apps. Each user manages their own contacts separately.

Shared Contacts API – The shared contacts API is available only to Google Apps for Business and Education editions, and provides a way for domain administrators to manage a global address list of external (non-employee) contacts viewable by all users in the domain.

Profiles API – Like the Shared Contacts API, the profiles API is only available for Google Apps for Business and Education education, and is managed by domain administrators. But while shared contacts can be used to manage contact information for people outside the domain, the Profiles API is exclusively for managing contact information for users in the domain.

Provisioning API – A distant cousin of the others, the Provisioning API allows domain administrators to manage users, groups, and organizational units in their domain. While the full version of the API is restricted to Google Apps for Business & Education editions, all editions support a read-only view of the data and it can be a quick and easy way to discover organizational information for a domain.

Speeding Setup

As mentioned in our earlier post on creating a good initial experience, these APIs, can be a great way to help administrators set up and configure applications quickly. The provisioning API in particular is well suited to this and provides user, group, and organizational data for a domain.

Expensify uses the provisioning API to quickly configure roles and reporting relationships for submitting expense reports.

Making Users More Productive

There are a variety of ways to use the various contacts APIs to help users save time and be more productive. Project & task management apps often benefit from importing contact information to speed user entry.

Manymoon’s project management app helps users assign tasks quicker by auto-completing names as the user types.

Likewise, CRM and marketing automation apps can also speed user adoption and reduce the need for time consuming data entry by importing existing customer data stored in contacts.

Importing contacts to Bantam Live

Share and Share Alike

For applications that aim to be the system of record for contact or employee information, pushing data to Google Apps can be a big win both for users and developers. Syncing contact data with Google Apps means syncing with every other application and device that syncs as well. It allows developers to magnify the reach of their integrations and lets users access important partner data no matter what the context.

Sharing contacts with BatchBook

Full bi-directional contacts synchronization is more challenging. It can be equally rewarding. Not only does it allow users to edit contacts in context, it can enable innovative new services that seamless enhance data without disrupting how users work.

Rainmaker’s bi-directional sync automatically enhances contacts with data from social networks and other sources.

While the example so far have focused on the Contacts API and individual users, synchronization with the Shared Contacts API can provide added value for larger organizations on Google Apps for Business.

As our friends over at Manymoon wrote not too long ago, they learned three key lessons about what it takes to be successful in the Google Apps Marketplace: Appeal to a broad audience, integrate deeply, and demonstrate immediate value. Integration with contacts & provisioning APIs is a great way to do accomplish those goals that just about any app can benefit from!