When trying to connect to Picasaweb API in Java, I've got this error:

com.google.gdata.util.ServiceForbiddenException: Forbidden
Token invalid - Invalid token: Cannot parse referred token string
    at com.google.gdata.client.http.HttpGDataRequest.handleErrorResponse(HttpGDataRequest.java:605)
    at com.google.gdata.client.http.GoogleGDataRequest.handleErrorResponse(GoogleGDataRequest.java:564)
    at com.google.gdata.client.http.HttpGDataRequest.checkResponse(HttpGDataRequest.java:560)
    at com.google.gdata.client.http.HttpGDataRequest.execute(HttpGDataRequest.java:538)
    at com.google.gdata.client.http.GoogleGDataRequest.execute(GoogleGDataRequest.java:536)
    at com.google.gdata.client.Service.insert(Service.java:1409)
    at com.google.gdata.client.GoogleService.insert(GoogleService.java:613)
    at com.google.gdata.client.media.MediaService.insert(MediaService.java:380)

Here is my code:

final String[] SCOPESArray = { "https://picasaweb.google.com/data/" };
final List SCOPES = Arrays.asList(SCOPESArray);
final GoogleCredential credential = new GoogleCredential.Builder()
  .setTransport(new NetHttpTransport())
  .setJsonFactory(new JacksonFactory())
  .setServiceAccountId("[email protected]")
  .setServiceAccountScopes(SCOPES)
  .setServiceAccountPrivateKeyFromP12File(new File("key.p12")).build();
final PicasawebService picasaService = new PicasawebService("toto");
picasaService.setOAuth2Credentials(credential);
picasaService.insert(new URL(FEED_URL), album);

I think somethig is missing, how the link between the service account and the Picasa account is made? I tried to had url in the scope, like https://picasaweb.google.com/data/entry/api/user/" + USER_ID or "https://picasaweb.google.com/data/feed/api/user/" + USER_ID, but without success...

I want to avoid 'user consent' dialog each time the application access to the Picasa album.

I didn't find examples of PicasaWeb API and oAuth2, so if anybody have an idea... Thanks!

Edit : I found informations about "Delegating domain-wide authority to the service account" https://developers.google.com/identity/protocols/OAuth2ServiceAccount which do what I want with setServiceAccountUser("[email protected]") but it seems it's working only for Google Apps domains.

1

There are 1 answers

3
pinoyyid On

how the link between the service account and the Picasa account is made?

There is no link. The Service Account and the Picasa Account are two different users as far as Google is concerned. You probably (I'm guessing as you didn't explain your use case) do NOT want to be using a Service Account.

Treat the Picasa API and OAuth as two completely separate learning exercises. Think of OAuth as the stuff that leads you to have an Access Token, and then the Picasa API as the thing you poke that Access Token into. try using the OAuth Playground (https://developers.google.com/oauthplayground/) to mock what it is you want to achieve. That will teach you all you need to know about OAuth, and show you what the http requests should look like, which you can subsequently compare with your app.