ZF Zend Framework

Behind the Site

Programmer's Reference Guide

Using the Book Search Data API
Zend_Gdata
Programmer's Reference Guide

Authenticating with ClientLogin

The ClientLogin mechanism enables you to write PHP application that acquire authenticated access to Google Services, specifying a user's credentials in the HTTP Client.

See » http://code.google.com/apis/accounts/AuthForInstalledApps.html for more information about Google Data ClientLogin authentication.

The Google documentation says the ClientLogin mechanism is appropriate for "installed applications" whereas the AuthSub mechanism is for "web applications." The difference is that AuthSub requires interaction from the user, and a browser interface that can react to redirection requests. The ClientLogin solution uses PHP code to supply the account credentials; the user is not required to enter her credentials interactively.

The account credentials supplied via the ClientLogin mechanism must be valid credentials for Google services, but they are not required to be those of the user who is using the PHP application.

Creating a ClientLogin authenticated Http Client

The process of creating an authenticated HTTP client using the ClientLogin mechanism is to call the static function Zend_Gdata_ClientLogin::getHttpClient() and pass the Google account credentials in plain text. The return value of this function is an object of class Zend_Http_Client.

The optional third parameter is the name of the Google Data service. For instance, this can be 'cl' for Google Calendar. The default is "xapi", which is recognized by Google Data servers as a generic service name.

The optional fourth parameter is an instance of Zend_Http_Client. This allows you to set options in the client, such as proxy server settings. If you pass NULL for this parameter, a generic Zend_Http_Client object is created.

The optional fifth parameter is a short string that Google Data servers use to identify the client application for logging purposes. By default this is string "Zend-ZendFramework";

The optional sixth parameter is a string ID for a CAPTCHA challenge that has been issued by the server. It is only necessary when logging in after receiving a CAPTCHA challenge from a previous login attempt.

The optional seventh parameter is a user's response to a CAPTCHA challenge that has been issued by the server. It is only necessary when logging in after receiving a CAPTCHA challenge from a previous login attempt.

Below is an example of PHP code for a web application to acquire authentication to use the Google Calendar service and create a Zend_Gdata client object using that authenticated Zend_Http_Client.

  1. // Enter your Google account credentials
  2. $email = 'johndoe@gmail.com';
  3. $passwd = 'xxxxxxxx';
  4. try {
  5.    $client = Zend_Gdata_ClientLogin::getHttpClient($email, $passwd, 'cl');
  6. } catch (Zend_Gdata_App_CaptchaRequiredException $cre) {
  7.     echo 'URL of CAPTCHA image: ' . $cre->getCaptchaUrl() . "\n";
  8.     echo 'Token ID: ' . $cre->getCaptchaToken() . "\n";
  9. } catch (Zend_Gdata_App_AuthException $ae) {
  10.    echo 'Problem authenticating: ' . $ae->exception() . "\n";
  11. }
  12.  
  13. $cal = new Zend_Gdata_Calendar($client);

Terminating a ClientLogin authenticated Http Client

There is no method to revoke ClientLogin authentication as there is in the AuthSub token-based solution. The credentials used in the ClientLogin authentication are the login and password to a Google account, and therefore these can be used repeatedly in the future.

Using the Book Search Data API
Zend_Gdata
Programmer's Reference Guide

Comments

Posted by: Andrew on: 2010-06-30 14:16:46
Maybe I am reading this wrong, but the part that says "pass the Google account credentials in plain text". Does this mean the account credentials will be passed to Google in clear text? Or is it encrypted in any way, prior to sending across the internet? Is this method insecure? Or can I trust that this form of authentication is secure and won't compromise the privacy of the sensitive account credentials?
Posted by: andrei on: 2011-06-24 19:15:13
Client login autherntication goes through https. So - yeah - clear text doesn't matter.
Posted by: Tony on: 2011-08-29 15:41:52
I am new to this Zend Gdata API. What happens to getHttpClient when there is no internet connection (ie. unplug the LAN cable)? I find it will return nothing nor throw an exception.
Posted by: Patrick on: 2011-07-03 11:12:54
2 questions

Is there any way of storing the login in a session or something similar or do you have to always call Zend_Gdata_ClientLogin::getHttpClient ?

Also, even though the username and password are not sent in clear text, I assume that have to be set in the PHP file that you are using. Is there any way around this? (ie. does google provide some sort of token to allow HMAC ing so I don't need to store credentials?)
Posted by: Mark on: 2011-10-15 14:31:40
Hi,

At first, all seems to be working fine, I can use the API script with no issues. But now, after the captcha challenge appeared I'm getting "Error: Authentication with Google failed. Reason: BadAuthentication" after I provided a correct answer to the captcha.

Here is how I verified the captcha answer and the token

$client = Zend_Gdata_ClientLogin::getHttpClient('username', 'password', Zend_Gdata_Gapps::AUTH_SERVICE_NAME, null, 'app-name', $token, $answer);

Am I missing something on the above code? Any help is very much appreciated.

Thank you,
Mark

+ Add A Comment

Please do not report issues via comments; use the ZF Issue Tracker.

If you have a JIRA/Crowd account, we suggest you login first before commenting.

  • BBCode is allowed in the comment markup

    • Select a Version

    Languages Available

    Components

    Search the Manual

    • Navigation