Ngeblog 0.2: Yes, You Can Use AuthSub Now

As written on the Google Code blog (err, yesterday), Ngeblog now supports AuthSub authentication. It uses Zend Framework (Zend_Gdata) to abstract the whole authentication process, including ClientLogin authentication.

Since Ngeblog 0.2 now uses a modified version of Zend_Gdata, the files are getting larger and it is hard for me to put Ngeblog 0.2 on phpclasses. So from now on you can download the source here, or you can use svn to get the latest files from the Google Code project hosting here.

Try out the demo here for ClientLogin authentication and here for AuthSub authentication. You can see the source code here and here for the two demos respectively.

Alright, now let’s look at what is new in Ngeblog.

Using ClientLogin Authentication

At the time of this writing, Zend_Gdata doesn’t yet support ClientLogin authentication, but they promised to implement it soon. So for now, Ngeblog uses my own ClientLogin class for Zend_Gdata. Please read my previous post to understand how it works.

To use Ngeblog with ClientLogin authentication, you must first include the file like this,

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/ClientLogin.php';

assuming Ngeblog is located in Ngeblog directory.

As I said in my previous post, you need a token to be able to access Blogger (or any other Google service), and you must authenticate yourself to get this token. Here is how you can do that with Ngeblog:

  $resp =  Ngeblog_ClientLogin::getClientLoginAuth($username,$password);

If your username and password are correct and you have at least one Blogger account for that username, you’ll get $resp['auth'] as the token (authentication code). Use this token to create an instance of the Ngeblog class, like this:

  $myblog = Ngeblog_ClientLogin::Connect($resp['auth']);

$myblog is an instance of the Ngeblog class, which can be used for viewing, updating or deleting posts. All of these operations are described in my previous post. Or you can see the source code for the ClientLogin demo here to get the picture.

As an illustration, the following code adds a new post to blog id 839898989:

<?php

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/ClientLogin.php';

  $username = 'yourusername';
  $password = 'yourpassword';
  $resp =  Ngeblog_ClientLogin::getClientLoginAuth($username,$password);
  if ( $resp['response']=='authorized' )
  {
    $myblog = Ngeblog_ClientLogin::Connect($resp['auth']);

    $title = 'My Title';
    $content = 'Here is the content';
    $blogid = '839898989';
    $myblog->newPost($title,$content,$blogid);
  } 

?>

Using AuthSub Authentication

To use Ngeblog with AuthSub authentication, you must first include the file like this,

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/AuthSub.php';

To get an AuthSub token, you first need to ask your users to log into their Google Accounts. Use Ngeblog_AuthSub::getAuthSubTokenUri() to show this URI. Here is an example of how to do that:

  echo 'You must <a href="'.Ngeblog_AuthSub::getAuthSubTokenUri().'">login</a> first to use our service.';

When they click the link, they will be prompted to log into their Google Accounts and to grant or deny your web application access to their Blogger account. Once it’s authorized (and granted by them), Google redirects the user back to your web application with an additional token in the query string, which looks something like this:

  http://www.yourwebapp.com/blogger.php?token=CKF50YzIHxCT85KMAg

You can use this token to create an instance of Ngeblog class like this:

  $myblog = Ngeblog_AuthSub::Connect($_GET['token']);

As an illustration, the following code updates a post for blog id 839898989 and entry id 938393839383938:

<?php

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/AuthSub.php';

  if ( !isset($_GET['token']) ) {
    echo 'You must <a href="'.Ngeblog_AuthSub::getAuthSubTokenUri().'">login</a> first to use our service.';
  } else {
    $myblog = Ngeblog_AuthSub::Connect($_GET['token']);

    $newtitle   = 'My New Title';
    $newcontent = 'Here is my new content';
    $blogid  = '839898989';
    $entryid = '938393839383938';
    // pass the variables defined above ($title and $content were never set)
    $myblog->editPost($entryid,$newtitle,$newcontent,$blogid);
  } 

?>

Using Session to Hold The Token

This is the major change in Ngeblog 0.2. As you might have noticed, the old version of Ngeblog holds the token information in class scope, which means that you have to re-authenticate yourself each time you access the page.

In the current version, I separated the authentication layer from the actual operation layer. This way, you only need to authenticate once and hold the token information for the rest of the operations. One way to hold this token information is by using a session.

As you can see in the ClientLogin demo file, this is how you can use a session to hold the token information:

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/ClientLogin.php';

  session_start();

  if (!isset($_SESSION['clientlogin_token']))
  {
    if (isset($_POST['username']) && isset($_POST['password']))
    {
      try {
        if (isset($_POST['captchatoken']) && isset($_POST['captchaanswer'])) {
          $resp =  Ngeblog_ClientLogin::getClientLoginAuth($_POST['username'],$_POST['password'],$_POST['captchatoken'],$_POST['captchaanswer']);
        } else {
          $resp =  Ngeblog_ClientLogin::getClientLoginAuth($_POST['username'],$_POST['password']);
        }
      } catch ( Exception $e )  {
        // escape the message before it goes into the HTML response
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES);
        exit;
      }

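      if ( $resp['response']=='authorized' )
      {
        // issue a fresh session ID at login so a pre-set (fixated) ID cannot inherit the token
        session_regenerate_id(true);
        $_SESSION['clientlogin_token'] = $resp['auth'];
        header('Location: '.$_SERVER['PHP_SELF']);
        exit;
      }
      elseif ( $resp['response']=='captcha' )
      {
        // the handler above reads everything from $_POST, so this form must POST and must
        // ask for the credentials again (they are not kept between requests)
        echo 'Google requires you to solve this CAPTCHA image <br />';
        echo '<img src="'.htmlspecialchars($resp['captchaurl'], ENT_QUOTES).'" /><br />';
        echo '<form action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'" method="post">';
        echo 'Username: <br /><input type="text" name="username" size="45" /><br />';
        echo 'Password: <br /><input type="password" name="password" size="45" /><br />';
        echo 'Answer : <input type="text" name="captchaanswer" size="10" />';
        echo '<input type="hidden" name="captchatoken" value="'.htmlspecialchars($resp['captchatoken'], ENT_QUOTES).'" />';
        echo '<input type="submit" />';
        echo '</form>';
        exit;
      }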
    }

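    // if session doesn't exist, show login form
    // (PHP_SELF can contain user-supplied path info, so escape it before echoing)
    echo '<form action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'" method="post">';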
    echo 'Username: <br /><input type="text" name="username" size="45" /><br />';
    echo 'Password: <br /><input type="password" name="password" size="45" /><br />';
    echo '<input type="submit" value="Login" />';
    echo '</form>';
    exit;
  }
  else
  {
    if (isset($_GET['cmd']) && $_GET['cmd']=='logout') {
      unset($_SESSION['clientlogin_token']);
      header('Location: '.$_SERVER['PHP_SELF']);
      exit;
    }
  }

and this is how to do it for AuthSub authentication:

  set_include_path(dirname(__FILE__) . '/Ngeblog');
  require_once 'Ngeblog/AuthSub.php';

  session_start();

  if (!isset($_SESSION['authsub_token'])) {
    if (isset($_GET['token'])) {
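      // upgrade the single-use token from the query string to a session token
      $session_token =  Ngeblog_AuthSub::getAuthSubSessionToken($_GET['token']);
      // issue a fresh session ID before the session starts holding a credential
      session_regenerate_id(true);
      $_SESSION['authsub_token'] = $session_token;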
    } else {
      echo 'You must <a href="'.Ngeblog_AuthSub::getAuthSubTokenUri().'">login</a> first to use our service.';
      exit;
    }
  }
  else
  {
    if (isset($_GET['cmd']) && $_GET['cmd']=='logout') {
      Ngeblog_AuthSub::AuthSubRevokeToken($_SESSION['authsub_token']);
      unset($_SESSION['authsub_token']);
      header('Location: '.$_SERVER['PHP_SELF']);
      exit;
    }
  }

Please note that you need Ngeblog_AuthSub::getAuthSubSessionToken($_GET['token']) to upgrade a single-use token to a session token. And to revoke an AuthSub session token you need to call Ngeblog_AuthSub::AuthSubRevokeToken($token) in addition to unset(). This is because AuthSub session tokens don’t expire; your client can store the session token for as long as needed. Therefore it must be revoked to clear the access granted to your web app.
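
A hardened variant of the AuthSub session handling above, added here as an example (it is not Ngeblog's demo code): it validates the token parameter, redirects after the upgrade so the token leaves the URL, and revokes the session token on a CSRF-protected POST instead of ?cmd=logout. It assumes PHP 7+ and Ngeblog 0.2 on the include path; the token pattern and the failure check on getAuthSubSessionToken() are assumptions, since the page documents neither.

```php
<?php
// Added example, not Ngeblog's demo code. Only Ngeblog_AuthSub calls shown on the page are used.
set_include_path(dirname(__FILE__) . '/Ngeblog');
require_once 'Ngeblog/AuthSub.php';

session_start();
$self = $_SERVER['SCRIPT_NAME'];   // unlike PHP_SELF, carries no user-supplied path info

if (!isset($_SESSION['authsub_token'])) {
    $token = isset($_GET['token']) ? $_GET['token'] : null;
    if ($token === null) {
        $uri = htmlspecialchars(Ngeblog_AuthSub::getAuthSubTokenUri(), ENT_QUOTES);
        echo 'You must <a href="' . $uri . '">login</a> first to use our service.';
        exit;
    }
    // Assumed token alphabet (URL-safe characters); arrays and oversized values stop here.
    if (!is_string($token) || !preg_match('#^[A-Za-z0-9_/-]{1,512}$#D', $token)) {
        http_response_code(400);
        exit('Invalid token.');
    }
    $sessionToken = Ngeblog_AuthSub::getAuthSubSessionToken($token);
    // Failure behaviour is not documented on the page: accept only a non-empty string.
    if (!is_string($sessionToken) || $sessionToken === '') {
        http_response_code(502);
        exit('Could not upgrade the AuthSub token.');
    }
    session_regenerate_id(true);                    // fresh session ID once it holds a credential
    $_SESSION['authsub_token'] = $sessionToken;
    $_SESSION['csrf'] = bin2hex(random_bytes(32));  // per-session anti-CSRF value
    header('Location: ' . $self);                   // drop ?token=... from history and Referer
    exit;
}

// Logout revokes access at Google, so accept it only as a POST carrying the CSRF value.
$csrf = isset($_POST['csrf']) && is_string($_POST['csrf']) ? $_POST['csrf'] : '';
if (isset($_POST['cmd']) && $_POST['cmd'] === 'logout'
    && isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $csrf)) {
    Ngeblog_AuthSub::AuthSubRevokeToken($_SESSION['authsub_token']);
    $_SESSION = array();
    session_destroy();
    header('Location: ' . $self);
    exit;
}

echo '<form method="post" action="' . htmlspecialchars($self, ENT_QUOTES) . '">'
   . '<input type="hidden" name="cmd" value="logout" />'
   . '<input type="hidden" name="csrf" value="' . $_SESSION['csrf'] . '" />'
   . '<input type="submit" value="Logout" /></form>';
```

Because the session token never expires, the revoke call is the only thing that ends the grant; the session cookie itself should also be sent with the Secure and HttpOnly flags.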

3 Comments

  1. Hello,

    I’ve been playing with Ngeblog for some time now. Thanks, your work certainly makes things easier.

    I have a question about 0.2 and AuthSub. When testing either your hosted authsub demo, or a locally running copy, I’m finding the following:

    – enter gmail credentials
    – grant token via google page
    – demo_authsub.php displays my list of blogger beta blogs
    – click on “browse” for one of my blogs
    – “Failed to retrieve post, Blogger returned error : Resource not found” is returned.

    Any idea why this would happen? Is it something specific to my google account, or is it a known problem with the script?

    Thanks for everything. I’ll also add this to the Issue Tracker on code.google.com. Sorry for the duplication.

    Ryan

  2. Thanks Ryan. It seems like there are new rules for Blogger currently in Beta. I have fixed it.

    Please try now, grab the source from google code hosting. And let me know if you still find any bugs.
