How to Use QT to implement Google API applications (1)-oauth details

 

Introduction to oauth, you can refer to the http://oauth.net/documentation/getting-started/

For how to use oauth, I think this is the focus of our attention.

For the application of oauth, aside from the specific protocol, we need to know the answer to the following questions:

1. What is the final purpose of using oauth?

A: For or access token, this token is similar to the token in the cookie. We use it as the key verification information in the Authorization header.

2. How to obtain the access token?

A: Generally, access token acquisition requires 3 steps, which is also the 3-legged method often mentioned in oauth or Google Documents. Different from 2-legged, we can simply understand that the 2-legged method is applicable to the paid consumer of Google API, especially for Web applications. You must first register the service on Google account. The 3-legged method is applicable to third-party non-web applications, such as mobile phones or desktop non-web applications.

For the access token acquisition process, use the 3-legged method as,. first Request token from Google (first token), B. use the token obtained in a to apply for authorization from the Google account (the token is the same as in a), C. after authorization, use the previous token to apply for access token. During the application, the verfier information provided after authorization is required.

3. What is signing oauth requests?

A: sign the submitted request to apply for a token. The request is a token request sent to Google using the get method. During the access token acquisition process (3-legged ), sign the request every time.

4. How to sign oauth request? How can we implement it with QT?

A: Sorry. Here we will only explain the non-web application signature method. For non-web applications, hmac_sha1 is used for encryption. A key and a base string are required. The two methods are described later. Qcryptographichash in QT has the sha1 encryption method, which can be used to complete this step. P.s. does not simply use qcryptographichash to encrypt the string. You also need to convert the key and base string according to the hmac_sha1 method. The specific method will be supplemented later.

 

5. How long is the access token used?

A: According to Google, access token is generally used for a long period of time, but it is also very easy to use. Whether it is expired or not remains to be verified.