javascript - GMail API access from chrome extension? 403 Forbidden -
i have application accesses google apis out of chrome extension via workflow outlined here.
chrome extensions oauth tutorial
the basics of workflow initialize oauth flow
var oauth = chromeexoauth.initbackgroundpage({ 'request_url': 'https://www.google.com/accounts/oauthgetrequesttoken', 'authorize_url': 'https://www.google.com/accounts/oauthauthorizetoken', 'access_url': 'https://www.google.com/accounts/oauthgetaccesstoken', 'consumer_key': '{my_client_id}', 'consumer_secret': '{my_client_secret}', 'scope': 'https://www.google.com/m8/feeds/ https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://mail.google.com/', 'app_name': 'gmail plugin', 'callback_page': 'src/google-oauth/chrome_ex_oauth.html' }); upon installing extension, user taken dialog page authenticate , agree scopes ask for. here infer consumer key , secret ok. have allowed access gmail, contacts, , admin sdk in google developers console.
prior had requests working contacts api , admin sdk api. i'm trying add features utilize gmail rest api.
the next step in setting request make request background page.
function getsentemails() { var emailcollection; var url = "https://www.googleapis.com/gmail/v1/users/me/messages"; var request = { 'method': 'get', 'parameters': { 'labelids': 'sent' } }; var callback = function(response, xhr) { emailcollection = json.parse(response); console.dir(emailcollection); } oauth.sendsignedrequest(url, callback, request); }; the way signed requests work call method complete next step of oauth dance,
oauth.authorize(function() { getsentemails(); }); this results in 403 forbidden every time. seem have no issue accessing other apis mentioned though oauth flow. i've allowed scope in manifest.json
manifest.json
"permissions": [ "tabs", "storage", "https://mail.google.com/*", "https://www.google.com/m8/feeds/*", "https://apps-apis.google.com/a/feeds/emailsettings/2.0/*", "https://www.googleapis.com/gmail/v1/users/*", "https://www.googleapis.com/auth/gmail.modify/*", "https://www.googleapis.com/auth/gmail.compose/*", "https://www.googleapis.com/auth/gmail.readonly/*", "https://www.google.com/accounts/oauthgetrequesttoken", "https://www.google.com/accounts/oauthauthorizetoken", "https://www.google.com/accounts/oauthgetaccesstoken" ] i tried alternate method of building http request outlined in link above.
function stringify(parameters) { var params = []; for(var p in parameters) { params.push(encodeuricomponent(p) + '=' + encodeuricomponent(parameters[p])); } return params.join('&'); }; function xhrgetsentemails() { var method = 'get'; var url = 'https://www.googleapis.com/gmail/v1/users/me/messages'; var params = {'labelids': 'sent'}; var callback = function(resp, xhr) { console.log(resp); } var xhr = new xmlhttprequest(); xhr.onreadystatechange = function(data) { callback(xhr, data); }; xhr.open(method, url + '?' + stringify(params), true); xhr.setrequestheader('authorization', oauth.getauthorizationheader(url, method, params)); xhr.send(); } i same 403 doing this.
i believe i'm authenticating though, because if change
xhr.setrequestheader('authorization', oauth.getauthorizationheader(url, method, params)); to
xhr.setrequestheader('authorization','foo' + oauth.getauthorizationheader(url, method, params)); i 401 unauthorized instead.
again, no trouble accessing other apis mentioned.
any input appreciated.
this question obscure, i'll share how ended resolving it.
i moved chrome extensions oauth 2.0 workflow newer (since chrome 29) chrome.identity setup apps , extensions.
detailed instructions setting oauth 2.0 extension here.
chrome identity api user authentication
now can use
chrome.identity.getauthtoken(function(token) { // http api call token }); and none of http requests come forbidden (403) anymore.
hope helpful extension builders out there!
Comments
Post a Comment