Why Authorization Http Header is not accepted ?

[paolo.soto.pino]

I want develop a widget to retrieve the contacts of a GMail account, but is required the use of the Authorization Header in the XMLHttpRequest.

Someone knows why this header is not accepted in WRT ?

Some alternative or just wait to be implemented in further versions ?

Thanks.

[isalento]

Welcome to Forum!

What phone are you using? (model and software (enter *#0000# into dialer)

At least gmail atom feed is working with N97.

Either by using

Code:

ajaxrequest.open("get", url, true, username, password);

or

Code:

ajaxrequest.open("GET", url,true);
ajaxrequest.setRequestHeader("Authorization", "Basic "+ Base64.encode(username+":"+password));

-Ilkka

[paolo.soto.pino]

Hi,

Model : 5530 XpressMusic
Sw : 10.0.050

The first alternative works fine for GMail, but not for retrieve contacts.

The second way don't work.

Thanks for reply.

[isalento]

Ok.

Could you tell which API you are using and possible share some code?
That would make it easier to trace the root cause of the problem.

-Ilkka

[paolo.soto.pino]

This is the index.html of widget application. I'm working with Aptana and WRT Plugin.

For GMail feed show the response text. For Google Contacts Feeds url, the returned http code is 401.

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Sample Widget</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <link rel="stylesheet" href="basic.css" type="text/css">
        <META NAME="Generator" CONTENT="Nokia WRT plug-in for Aptana Studio 2.3.0" />
    </head>
    <body>
        TEST
        <div id="respuesta">
        </div>
        <script>
            
            
            try {
            
                netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                
                var req = new XMLHttpRequest();
                
				var username = "XXXXXXX";
				var password = "XXXXXXX";
				var url = "https://www.google.com/m8/feeds/";
				//var url = "https://mail.google.com/mail/feed/atom/";
				
                req.open("get", url, true, username, password);
                
            	req.onreadystatechange = handler;
				
				req.send(null);
                
            } 
            catch (e) {
                document.getElementById('respuesta').innerHTML = e.description;
            }
            
            function handler(){
                document.getElementById('respuesta').innerHTML = "Respuesta : " + req.status + " " + req.readyState;
                
                if (req.readyState == 4 && req.status == 200) {
                    document.getElementById('respuesta').innerHTML = req.responseText;
                }
            }
            
            
        </script>
    </body>
</html>

[isalento]

I believe this is more complicated issue than just HTTP headers.

Contacts Data API authentication part states that AuthSub should be used to authenticate the requests.

However in the WRT context this won't work because widget it self is lost, when redirect happens. In addition widget does not have a URL where user could be redirected after successful authentication.

OAuth for Gadgets could be worth of investigation, but I don't know that much about it.

Br,
Ilkka

[paolo.soto.pino]

I was trying with ClientLogin ( http://code.google.com/apis/gdata/do...ml#ClientLogin ) , this method return a token when make a login. But for request a list of contacts is necessary set the authorization header in the httprequest, and is there where i have the problem.

[isalento]

So you have already done this step:

Code:

function authenticate(){
	var username = document.getElementById("username").value;
	var pass = document.getElementById("password").value;
	
	var params = "HOSTED_OR_GOOGLE&Email="+username+"@gmail.com&Passwd="+pass+"&service=cp&source=TestWidget_01";
	
	sendAuthPostReq("https://www.google.com/accounts/ClientLogin", params);	
}

function sendAuthPostReq(url, params){
	
	try {	 
		netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');	
	} catch (e) {}
	
	try{
		if (!authenticateReq) {
			authenticateReq = new XMLHttpRequest();
		}else if (authenticateReq.readyState != 0){
			authenticateReq.abort();
			writelog("auth aborted");
		}			
		authenticateReq.open("POST", url, true);	
		authenticateReq.onreadystatechange = handleAuthResponse;
		authenticateReq.overrideMimeType("application/x-www-form-urlencoded");
		authenticateReq.setRequestHeader("Content-length", params.length);	
		authenticateReq.setRequestHeader("Connection", "close");
				
		authenticateReq.send(params);
		
		writelog("Auth POST sent");	
	}
	catch(e){
		writelog("ajaxrequest sending error "+e);	
	}
}

function handleAuthResponse(){
	if(authenticateReq.readyState == 4) {
	  		writelog("4 (Loaded) All data received. responseTex/responseBody  available.");
			
			if (authenticateReq.status == 200){			
				writelog("Auth response got");
								
								
				var authTokenIndex = authenticateReq.responseText.indexOf("Auth=");
				
				if(authTokenIndex != -1){
					var authToken = authenticateReq.responseText.substr(authTokenIndex+5,authenticateReq.responseText.length);
                                        authToken = authToken.replace(/^\s+|\s+$/g,""); //to get rid of the extra space at the end
					alert(authToken);	
				
				}				
				
			}else{				
				writelog("Authenticate error: " + authenticateReq.status+ " "+ authenticateReq.statusText);
			}
		
	}
}

Then you just have to set the header

Code:

var url = "http://www.google.com/m8/feeds/contacts/default/full";
var auth = "GoogleLogin auth=D..YOUR AUTH..o";
sendajaxrequest(url, auth);	
	
function sendajaxrequest(url, auth){	

	writelog("ajaxrequest setup started");
	
	try {	 
		netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');	
	} catch (e) {}
	
	try{
		if (!ajaxrequest) {
			ajaxrequest = new XMLHttpRequest();
		}else if (ajaxrequest.readyState != 0){
			ajaxrequest.abort();
			writelog("ajaxrequest aborted");
		}	
				
		ajaxrequest.open("GET", url, true);
		ajaxrequest.onreadystatechange = handleAjaxResponse;
 		ajaxrequest.setRequestHeader("Content-type", "application/atom+xml");
		ajaxrequest.setRequestHeader("Authorization", auth);
		ajaxrequest.send(null);
		writelog("ajaxrequest GET sent");		
	}
	catch(e){
		writelog("ajaxrequest sending error "+e);	
	}
}

For some reason you will get SYNTAX_ERR: DOM Exception 12 if you try to call sendajaxrequest directly from the handleAuthResponse.
However it works if you first login and then get the contacts by using stored auth token.

Ps.
The script presented does not handle the login event from top to bottom. For example CAPTCHA handling is omitted.

-Ilkka

[paolo.soto.pino]

Is just in this line where i yhave the problem :

Code:

ajaxrequest.setRequestHeader("Authorization", auth);

The description of the error is : undefined.

With others http headers don't have problems.

[isalento]

Unfortunately this seems to be issue with 7.0 browser

The provided code works with N97 (7.1 browser), but asks for credentials on 5530.
Can you confirm this behavior or does it fails some other way in your use case?

Ps.
SYNTAX_ERR: DOM Exception 12 was caused by a white space trailing to auth token.
Remember to remove it by authToken = authToken.replace(/^\s+|\s+$/g,"");

-Ilkka

[hirvensarvi]

I am having the same issue as Paolo. I have updated my N97 firmware to the latest, and now the browser version is something like 7.1.x, but the code still gets stuck get "ajaxrequest.setRequestHeader("Authorization", auth);".