2

I have implemented an HTTPOperations class in Android that can successfully produce an HTTP POST request. This class extends AsyncTask so that it can run in the background.

This is used to create an HTTP request that authenticates with the Google Blogger service using the ClientLogin method (detailed here: http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html )

Recently I have run into issues where I am getting a FileNotFoundException even if I enter the correct credentials. I'm completely puzzled as just a few days ago it was working fine with correct credentials and only returning a FileNotFoundException when I entered the wrong credentials.

My questions would be:

  • Why is it returning a FileNotFoundException when I POST incorrect credentials - why does it not just return a string stating Error=BadAuthentication like it does when you access via a browser? https://www.google.com/accounts/ClientLogin

  • Why am I experiencing issues now even with the correct credentials? It may be worth noting my HTTP POST is correct, I know because if I POST to the HTTP version of CLientLogin rather than the HTTPS one, I get the HTTP 302 Moved Temporarily error page.

My HTTPOperations class is built using HttpURLConnection class in Java, I then set the headers and method of this HttpURLConnection accordingly and open a DataOutputStream to write my POST request, I then open an InputStream to retrieve the response. This is where the exception is caught if credentials incorrect (and now if they are correct).

I must stress using a different method of authentication is not a useful solution, unfortunately I must continue using this ClientLogin. It is also extremely difficult to trace in packages like Wireshark due to the call being made over HTTPS.

If you would like any code, etc, please let me know.

I call into the class (which is a singleton) using:

AsyncTask<String,Void,String> requestResult = httpOp.execute("post","https://www.google.com/accounts/ClientLogin",postData,"true","");
Tim
  • 8,932
  • 4
  • 43
  • 64

1 Answers1

3

A few notes:

  1. ClientLogin is a legacy API and is being replaced by other protocols (OAuth). Google says:

    AuthSub and ClientLogin are Google's proprietary authorization APIs, available
as an alternative to OAuth for most Google APIs. If possible, you should avoid
using these services

  2. There is a warning about ClientLogin that it might not work with all Google accounts.

  3. Instead of rolling your own, there is a Google API Client Library for Java, which is a recommended way to access Google APIs.

Peter Knego
  • 79,991
  • 11
  • 123
  • 154
  • Thanks, yeah I've read all of that. Well I can get ClientLogin to work flawlessly if I send the HTTP request in cURL, or any other prompt. I tried using Google's libraries but ALWAYS got Error=BadAuthentication. From a technical viewpoint any ideas on why? I will try the library again anyway, but I thought it ridiculous it always returning Error=BadAuthentication. – Tim Feb 23 '11 at 23:28
  • The library should work as it's from Google and it the preferred way to access the API. I can't say about the error - I don't have enough info. Maybe you should open a separate question just for that error and explain it in detail. – Peter Knego Feb 24 '11 at 09:10
  • I'll take today to look into using the library and research ClientLogin and OAuth using it. Thanks for your help. – Tim Feb 24 '11 at 11:58
  • I have managed to get it all working, and have managed to locate the reason why I always get a 'Error=BadAuthentication', perhaps you can help - if I hard-code in my username and password as strings, it succeeds, if I take them as input from the user interface and URLEncode them, it fails... any ideas why? – Tim Feb 26 '11 at 20:28
  • Take a look at HTTP requests made in both cases: http://stackoverflow.com/questions/2453949/android-emulator-how-to-monitor-network-traffic – Peter Knego Feb 26 '11 at 22:19
  • Problem is the communication is over HTTPS, I cannot read the contents of the request... – Tim Feb 26 '11 at 22:50
  • I POSTed to the Google ClientLogin over HTTP, I knew this would fail but I could still read the request (I just used Wireshark) - I had made an error in my code, it is now working perfectly. Thanks for your patience. – Tim Feb 26 '11 at 23:04