SL Forums - llHTTPRequest with Authorization Token

08-21-2008, 08:25 PM	#1
Very Keynes LSL is a Virus Join Date: May 2006 Location: is not currently avalible, please try again later. Posts: 292	llHTTPRequest with Authorization Token I am experimenting with the Google Data API with mixed results and wondered if any one could give me a spot of help. I have managed to use the ClientLogin service and it correctly returns the keys. In the API documentation it say Quote: After a successful authentication request, use the Auth value to create an Authorization header for each request: Authorization: GoogleLogin auth=yourAuthValue The problem is that I am not sure how to use that header information in subsequent HTTP Requests. I have been trying the following: requestid = llHTTPRequest("http://spreadsheets.google.com/feeds/spreadsheets/private/full",[HTTP_METHOD,"GET","Authorization: GoogleLogin auth="+auth],""); where auth is a string containing the Authorization key from the earlier step. p.s. I did try URLEscape on the Authorisation header, still no luck. It should return metadata about the users spreadsheets but instead it is returning a 404 status. I have a feeling that, despite the status being 404 rather than 401 or 403, it is something to do with the way I am handling the Authorization token, as I know there are valid spreadsheets in the account. Any advise or suggestions would be greatly appreciated. edit: I had to trim this post a lot as it was would not allow me to post the original, If anybody would like more info I can post specifics. Last edited by Very Keynes : 08-21-2008 at 09:33 PM.

08-21-2008, 09:55 PM	#2
Pedro McMillan Sloodle Developer Join Date: Jul 2007 Posts: 47	The list parameters has to be integer/string pairs, and currently, I'm afraid llHTTPRequest doesn't seem to support authorization: [url]http://www.lslwiki.net/lslwiki/wakka.php?wakka=llHTTPRequest[/url] Sorry I can't be of more help!

08-21-2008, 11:05 PM	#3
Day Oh Registered User Join Date: Feb 2007 Posts: 930	Would you believe there's no support for supplying headers with an HTTP request? Does anyone have any clue why? Anyway, here's a JIRA issue: http://jira.secondlife.com/browse/SVC-563? It's hard to believe there are only 10 votes. If you find a different issue in the JIRA please post it here, I want to vote.

08-21-2008, 11:20 PM	#4
Very Keynes LSL is a Virus Join Date: May 2006 Location: is not currently avalible, please try again later. Posts: 292	OK, Thanks Guys I voted, but I guess that is 2 days of wasted effort on my part "assuming" that the HTTP protocols would at least conform to the standards. With no encryption, no authentication, no XML parser, limited packet sizes and no data storage and Linden Labs still want to pitch this as a business application platform? I think it is only 10 (11 now) votes because the people who need that functionality see its absence as a good reason not to use SL for business and so don't bother to vote or even sign in

08-22-2008, 12:14 AM	#5
Pedro McMillan Sloodle Developer Join Date: Jul 2007 Posts: 47	I think LSL as a language really hasn't had the power or memory capacity to cope with large volumes of data (until Mono, anyway), so there wasn't really any need for big complex features. In saying that, I doubt they are ever likely to let you edit the HTTP headers in whatever way you like, since that could open up a huge can of worms for security and reliability and so on. There's other ways round it anyway, allowing you still to do plenty of stuff even for business applications (you just need to have a fairly ruthless approach to efficiency!). Instead of using generic standards, you can create your own bespoke data format which operates as a layer on top of HTTP, and implement your own security in with it. That's what we do in the Sloodle project ([url]www.sloodle.org[/url]). We have a very rigid text-based format for a "status line" at the start of any data, and the subsequent line(s) follow similar layout guidelines, but the format is generally dependent on the task at hand, so as little parsing as possible is needed. Internal passwords are sent as HTTP parameters. It might not be a perfect solution, but it's usually sufficient.

08-22-2008, 08:02 AM	#6
Haruki Watanabe llSLCrash(void); Join Date: Mar 2007 Posts: 358	12 votes... Being able to add http-headers would allow us to use the «content-range: bytes...»-header, which would allow us to pull more data from a webpage than just the first 2048bytes. But - as Pedro points out - this might be a worm-can-opener.... So we might never see this...

08-22-2008, 08:53 AM

Very Keynes

LSL is a Virus

Join Date: May 2006

Location: is not currently avalible, please try again later.

Posts: 292

Quote:

Originally Posted by Wednesday, August 20th, 2008 at 6:09 PM by: babbagelinden

As well as providing immediate benefits, the integration of the Mono virtual machine makes many future improvements possible: the use of mainstream languages to script Second Life alongside the existing LSL language; the removal of arbitrary per-script limits on script resource usage and the use of mainstream libraries and tools for scripting to name a few.(

Looks like the door is not yet closed on replacing LSL then. I wonder if the .NET version of the GData Tools would run under this implementation of MONO. But I wont hold my breath waiting

I will have a go at writing a Google App Engine application as a gateway to the GData API's, but that means having to now learn Python too and for my simple application requirements it is rather an overkill, especially as I am not a professional developer nor have a potential revenue stream to make the time investment worthwhile.

08-22-2008, 09:25 AM

Hewee Zetkin

Registered User

Join Date: Jul 2006

Posts: 1,672

Quote:

Originally Posted by Very Keynes

That's the SL spirit!

Uh huh. You think I'm joking?

08-22-2008, 10:46 AM	#9
Haravikk Mistral Registered User Join Date: Oct 2005 Posts: 2,345	Can't you specify authorisation as part of the URL? Like this: [url]http://usernameassword@domain.com/page.php?[/url] Or are you trying to do something different?

08-22-2008, 02:30 PM

#10

Very Keynes

LSL is a Virus

Join Date: May 2006

Location: is not currently avalible, please try again later.

Posts: 292

Quote:

Originally Posted by Haravikk Mistral

Can't you specify authorisation as part of the URL? Like this:
[url]http://username

assword@domain.com/page.php?[/url]

Or are you trying to do something different?

Something different, you log in as:

requestid = llHTTPRequest("https://www.google.com/accounts/ClientLogin",
[HTTP_METHOD, "POST",HTTP_MIMETYPE, "application/x-www-form-urlencoded"],
"accountType=HOSTED_OR_GOOGLE&Email=user@gmail.com&Passwd=userpassword&service=wise");

It then returns 3 Tokens in XML format, one of which is the Auth=Token, that must then be used in each HTTP request.

08-22-2008, 03:55 PM	#11
Haravikk Mistral Registered User Join Date: Oct 2005 Posts: 2,345	Ah, didn't realise the login type was Google's own kind, thought it was just based off the same authorisation you can place directly into the URL. Could you use your own website to build the requests using input from a script? I know it's not ideal but it's likely all we can do for now =(

08-22-2008, 06:14 PM

#12

Very Keynes

LSL is a Virus

Join Date: May 2006

Location: is not currently avalible, please try again later.

Posts: 292

Quote:

Originally Posted by Haravikk Mistral

Could you use your own website to build the requests using input from a script? I know it's not ideal but it's likely all we can do for now =(

Yes, and that is exactly what I am trying to prevent

So far the only way around the data-storage problems have been to

a) send it to your own PC, via email or chat log, which is not to bad for archival information, but is difficult to retrieve.

b) store it in scripts and hope that the script is not directly or indirectly reset. Personally I like this method and have not yet lost any data in over 2 years, but it is limited to storage in the same object or region unless you can also guarantee that the object key will not change.

c) use a 3rd party data base over which you have little control, must trust the provider and hope that they will remain in business long after you are around to support your own scripts.

d) host your own web site with SQL etc. but have the cost of maintaining it and providing user support if you sell any scripts that use it.

But now that Google provide API's to Google Docs it makes sense to use them for SL storage as they are free, the platform is scalable and reliable and in all honesty I think Google will be around a lot longer than SL so I trust them with my data.

A while ago some one on this forum said "if you have learnt LSL you can learn a language like C++ or Java in a weekend", so I am putting it to the test, I have given myself a weekend to learn Python and the Google Apps Engine SDK to see if I can set up a gateway for LSL into Google Docs and possibly even use the Google database.

Wish me luck

Last edited by Very Keynes : 08-22-2008 at 06:20 PM.

08-25-2008, 08:22 AM

#13

Pedro McMillan

Sloodle Developer

Join Date: Jul 2007

Posts: 47

Quote:

Originally Posted by Very Keynes

A while ago some one on this forum said "if you have learnt LSL you can learn a language like C++ or Java in a weekend"

Hehe, the C++ programmer in me is writhing at that quote! (Preprocessor commands, memory pointers/references, function overloading, object orientation, dynamic/static polymorphism, metaprogramming...

... I'll stop now...)

How'd you get on with Python? It's a bit of a weird language, but certainly very interesting to use. I especially like all the Monty Python references in the documentation!

08-25-2008, 11:24 AM

#14

Very Keynes

LSL is a Virus

Join Date: May 2006

Location: is not currently avalible, please try again later.

Posts: 292

Quote:

Originally Posted by Pedro McMillan

How'd you get on with Python? It's a bit of a weird language, but certainly very interesting to use. I especially like all the Monty Python references in the documentation!

Well I didn't reach my goal fully, but I did scratch the surface and get one or two simple programs running. I find it a fascinating language, although some of the data types have my mind spinning such as Lists of Tuples of lists

and string vs text data types. I also find the syntax to be strange, having to use precise indentation rather than braces and punctuation to define code blocks.

One thing that I did learn is that I have a lot to learn, so I spent most of the weekend finding info and setting up a test environment. So far I have Python 2.5 and Idle installed, have a local HTTP server (the one written in python) running. have the GData API's and SDK installed and can use LSLEditor to talk to python or the locally hosted Google App and have them send data back to LSLEditor, so my whole development environment can work offline.

I also had to read up on HTTP so that I understood what I was trying to achieve as well as the GData API's so that I knew the headers and data types. I also spent time reading up on CGI and on XML so that I could understand what web servers are doing and what format the data was being returned in.

I now have a better understanding of what I need to do, an environment to do it in and the tools and basic knowledge to read and dissect Python libraries and functions and how to import what I need etc.

All in all it was a fun and rewarding exercise and, though I doubt I will have any production code running in the short term, I have certainly broadened my knowledge and discovered a whole new set of tools.

And being a Monty Python fan certainly helps to understand the humor hidden in the tutorials

Last edited by Very Keynes : 08-25-2008 at 11:26 AM.