Sunday, April 29, 2012

[YouTube-API] Re: Urgent - well known app with 200,000+ users suddenly can't upload via oAuth2

To provide some clarification, in our app (see here)
We are not parsing the URL, we are in fact parsing the HTML title of the user's browser window.
You can see in the example on that document there is a screenshot which shows this as the title of the user's browser window:
"Success Code=<authorization code>"
and it says:
"Your application can then extract the authorization code from the page title."

There is not a best practice defined method of parsing the authorization code out of the title. The reason we made the assumption to extract a set number of characters out of the title was out of fear that Google may localize the string "Success Code" based on a user's location or change it in the future. Somehow we thought the number of characters in the auth code would remain static over time but the string before the equals sign would be more likely to change; that was the assumption that nearly killed us.

Here is the code that we use now:
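  // Split "Success Code=<authorization code>" on spaces and '=';
  // the third token is the authorization code.
  tokens = dlg.HTMLPageTitle.Split(new[] {' ', '='});
  if (tokens.Length > 2)
  {
      AuthorizationCode = tokens[2];
  }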

So now we are assuming the title of that page will always have an equals sign in it, followed by the auth code.
If it doesn't we basically show an error to the user explaining authorization failed.


To provide an update:
- We have released an updated version that fixes this, although we are nowhere close to getting our total install base updated. That will take a while longer, and we will have to hope Google's team keeps the temporary revert up as long as it takes us, although we are not counting on it. The fact that they set it back for us at all was a real blessing.
- We have implemented an auto-update feature
- We do make proper use of refresh tokens
- I am in no way endorsing Client Login, or any method other than oAuth2. I simply panicked and I still can't help but wonder what other apps do you use.

Thanks again to Jeff, the API team, and the oAuth2 / gdata engineers or any person involved in saving our butts.


On Sunday, April 29, 2012 8:32:51 AM UTC-7, zdravko wrote:
OK, I am glad to see how well this played out and how willing and how
fast the GOOG team reacted to throw Dan a lifeline.  Impressive!

However, I am still confused as I am not sure if Tim's question got
fully answered.  I am an old timer who is barely scratching the surface in
web development and even I know about URL parsing and existence of
utilities that already do that.  So, was Dan not following industry
documented best practices (or meaning of life and its DNA calcs
via ?'s and &'s) or did the API team depart from them?

P.S. Jeff, I am proud of you and the rest of the team who played a
role in this resolution.
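
Added example (not part of the original message and not the app's own code): one way to extract the authorization code from the page title without assuming either a fixed code length or a fixed number of words before the equals sign, failing closed when the title does not have the expected shape. `AuthTitleParser` and `TryExtractCode` are hypothetical names, and the sample titles are constructed.

```csharp
using System;

// Added example. AuthTitleParser / TryExtractCode are hypothetical names;
// every title in Main is a constructed sample, not captured output.
public static class AuthTitleParser
{
    // Returns true and sets 'code' only when the title has the shape
    // "<any prefix>=<non-empty value without whitespace>".
    public static bool TryExtractCode(string title, out string code)
    {
        code = null;
        if (string.IsNullOrWhiteSpace(title)) return false;

        // Split at the FIRST '=' only: the prefix may be localized or
        // reworded (any number of words), and the value may contain '='.
        int eq = title.IndexOf('=');
        if (eq < 0) return false;          // no '=': not the result page

        string candidate = title.Substring(eq + 1).Trim();
        if (candidate.Length == 0) return false;

        // A value with embedded whitespace or control characters is not
        // treated as a code; report failure instead of guessing.
        foreach (char c in candidate)
            if (char.IsWhiteSpace(c) || char.IsControl(c)) return false;

        code = candidate;
        return true;
    }

    public static void Main()
    {
        string[] titles = {
            "Success Code=4/constructed-sample-code",  // shape quoted in the post
            "Erfolg Code=4/constructed-sample-code",    // hypothetical localized prefix
            "Autorisierung erfolgreich Code=4/abc=",    // 3-word prefix, '=' in value
            "Sign in",                                   // no '=': must fail
            "Success Code=",                             // empty value: must fail
        };
        foreach (string t in titles)
        {
            string code;
            bool ok = TryExtractCode(t, out code);
            Console.WriteLine("{0,-42} -> {1}", t, ok ? code : "(authorization failed)");
        }
    }
}
```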
