
Re: Authenticating with a web app without user input: msg#00121

Subject: Re: Authenticating with a web app without user input
sos wrote:
> I want to use Google Calendar as the calendar application for my
> website, with my own UI being used to present the data.  For this, I
> created a single user with a single calendar that the site will use.
> So, obviously I have both the username and password for this account.
   < content deleted for emphasis >
>
> As far as I can see with the "Account Authentication Proxy for
> Web-Based Applications" described at
> "http://code.google.com/apis/accounts/AuthForWebApps.html", in order to
> authenticate with the server, my site will be directed to a google page
> asking the user to authenticate with it.  However, this process should
> be completely transparent to the user - they won't and shouldn't know
> the user/pass for the account backing the calendar.
>
> Therefore, my question is this: is it possible for a web application to
> automatically authenticate with Google Calendar without requesting user
> input?  I'm using PHP, not one of the GData APIs.

According to that "Account Authentication Proxy..." site, and I quote:

-> "The AuthSub interface provides several methods for acquiring and
-> managing authentication tokens. Once a web application has received
-> a token, it can request access to a Google service. For information
-> on forming the access request to a Google service, see the
-> documentation for the service.
->
-> The following methods make up the AuthSub interface:
->
-> AuthSubRequest. A call to this method sends the user to a Google
-> Accounts web page, where the user is given the opportunity to log
-> in and grant Google account access to the web application. If
-> successful, Google provides a single-use authentication token,
-> which the web application can use to access the user's Google
-> service data.
->
-> AuthSubSessionToken. A call to this method allows the web
-> application to exchange a single-use token for a session token."

Further into the page:

-> "The web application can opt to get a one-time use token or a
-> session token for each user, depending how often it needs to
-> get data from the Google service. A one-time use token allows
-> the application to make a single call to the Google service. A
-> session token lets the application make unlimited calls to the
-> Google service. The session token does not expire. It is assumed
-> that the application will store a session token for each user rather
-> than requesting a new one each time it needs access to a Google
-> service."

So, what you want to do is:
1) Use the web app yourself, and grant yourself access.
2) Use the AuthSub interface to change the one-use token returned from
your access grant, and get a session token.
3) Preserve the session token, and use it in your app's subsequent
requests.

I hope that makes sense to you, and if anyone else sees where I've
missed stuff, please make follow-up messages.

Black Mephistopheles
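
The three steps above as an added PHP example (not code from the original post or from Google). The AuthSubRequest and AuthSubSessionToken URLs, the calendar scope, the `Authorization: AuthSub token="..."` header and the `Token=` response line are assumptions drawn from the AuthSub documentation rather than from this page, and the function names are hypothetical. Because the session token does not expire, it is written with owner-only permissions.

```php
<?php
// Added example, not from the original post. Endpoint URLs, scope and the
// "Token=" response format are assumptions based on the AuthSub documentation.
const AUTHSUB_REQUEST = 'https://www.google.com/accounts/AuthSubRequest';
const AUTHSUB_SESSION = 'https://www.google.com/accounts/AuthSubSessionToken';
const CALENDAR_SCOPE  = 'http://www.google.com/calendar/feeds/';
// Step 1: URL the site owner opens once while logged in as the calendar account.
function grant_url(string $next): string {
    return AUTHSUB_REQUEST . '?' . http_build_query(
        ['next' => $next, 'scope' => CALENDAR_SCOPE, 'secure' => 0, 'session' => 1]);
}

// The token arrives in a query string: refuse quotes, whitespace, control bytes.
function authsub_header(string $token): string {
    if ($token === '' || preg_match('/[\x00-\x20"\x7f]/', $token)) {
        throw new InvalidArgumentException('malformed AuthSub token');
    }
    return 'Authorization: AuthSub token="' . $token . '"';
}

// Step 2a: pull the session token out of the key=value response body.
function parse_session_response(string $body): string {
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        if (strncmp($line, 'Token=', 6) === 0 && strlen($line) > 6) { return substr($line, 6); }
    }
    throw new RuntimeException('no Token= line in response');
}

// Step 2b: exchange the single-use token for a session token (network call).
function exchange(string $singleUse): string {
    $ctx = stream_context_create(['http' => [
        'method' => 'GET', 'header' => authsub_header($singleUse), 'timeout' => 10]]);
    $body = file_get_contents(AUTHSUB_SESSION, false, $ctx);
    if ($body === false) { throw new RuntimeException('token exchange failed'); }
    return parse_session_response($body);
}

// Step 3: the session token is a long-lived credential for the whole account,
// so keep it outside the web root and readable by the app user only.
function store_token(string $path, string $token): void {
    $old = umask(0077);                       // new file is created as 0600
    $ok = file_put_contents($path, $token, LOCK_EX);
    umask($old);
    if ($ok === false || !chmod($path, 0600)) { throw new RuntimeException('store failed'); }
}
// Offline demo on a constructed response body; exchange() is not called here.
$path = sys_get_temp_dir() . '/authsub_session.token';
store_token($path, parse_session_response("Token=CONSTRUCTED-SESSION-TOKEN\n"));
echo authsub_header(file_get_contents($path)), "\n";
```

In the page that receives the redirect, the single-use token would be read from the `token` query parameter and passed to `exchange()`; every later calendar request sends `authsub_header()` built from the stored session token.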



