Google Reader – Revisited

A few weeks ago, I published a tutorial regarding using the Google Reader API in PHP projects.  Since that time, Google has changed the authentication portion of their API somewhat, so I need to revise my instructions just a bit.  And some day in the future, I’ll even post a tutorial on how to use oAuth with the Google API as well.

Initially, you need to request an SID from Google.  You pass your Google username and password in a standard HTTP POST and the response contains a string that looks something like this:

SID=DQAAAAAB8P9jygcxbrTzYknOWDDKZPSQbb8YJq30PDpbo2h-pPUrcODSbudpBK7rZjfjRU1rr___orLDYqcBX3ycBIKL5F20tv2hLyI_1k_iCsuRr82fORPIcxSm
Yhs31A_5wKViHlXZ7HSoWcVFLZUqHyAdLBI3jDR7UkXJtX0-5LH6EBb_95DCPFchXbVDtuS
YYWuyGmXo-EKvaPlTT-c
LSID=DQAoAAAAySoTyd8B7uQ138aJTHjWdRtScsjuQJBQhkAuCqd0SJbgRCGXql6DgP_dw
tTy1kKa1iKaNeXcCtNExYpE1FSeV2Xb1_JlWcowYhU5PVNNHtoTgqMMdtaNudNom1-Snh4Nz4O6ZXE8VG9cxxLx379_yjNuZip4orXHNwg7jT9oEq4F8yFWBTD7DejKpnY8n3PEJg
bc5_9mqjewjVRQG0
Auth=DQAAAAAAySoTyd8B7uQ138aJTHjWdRtScsjuQJBQhkAuCqd0SJbgRCGXql6DgP_dw
tTy1kKZeUIOuqdQ-Dt0kKMCzDMXnxS3BSTUEPiC3wBis6xoUiQS8_o0_9osTqoXTr3iO0Nwn-ZPrn_ZiLX198Wyn7lkQLp5T1gpahnjO58csk0NtwGfElre2log6nx3AcSbwWfey_TrxWzCSgn6
i-9

You see three named keys there: SID, LSID, and Auth.  In the old days, all you needed was the SID to create an authentication token.  Then you passed this token in a cookie with every POST or GET request to the API.  Though I always wondered why Google generated those other values if they weren’t used.  Failing to use them, though, broke my PHP class for connecting to Google Reader … and upset quite a few users of my WordPress plug-in.

After some research, I found that Google now wants you to send the Auth key in the headers of your requests.  Instead of setting the cookie as a cURL variable, you add an HTTP header “Authorization: GoogleLogin auth=” with your Auth key.  Here’s the new _getToken() method from my Google Reader class:

[cc lang=”php”]
private function _getToken() {
$this->_getSID();
$this->_cookie = “SID=” . $this->_sid . “; domain=.google.com; path=/”;

$url = “http://www.google.com/reader/api/0/token”;

$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array(‘Content-type: application/x-www-form-urlencoded’, ‘Authorization: GoogleLogin auth=’ . $this->_auth));
curl_setopt($ch, CURLOPT_URL, $url);

ob_start();

curl_exec($ch);
curl_close($ch);

$this->_token = ob_get_contents();

ob_end_clean();
}
[/cc]

Compare this with the _getToken() function from my last tutorial.

The class itself now sets this header with every HTTP GET and POST request before passing them to the server rather than setting the cookie like we did last time.  For the time being, this new method works.  But I’m still working on an oAuth version to take its place for the long run.