Tuesday, March 10, 2015
Integrating your Rails application with Google Apps and the Apps Marketplace
In this article you will find a step-by-step guide to integrating your Ruby on Rails application with Google Apps and launching it on the Google Apps Marketplace. The Google Apps Marketplace is a great platform to get new clients, show off our product and integrate Floorplanner with the services Google provides. At the beginning of the summer we tried to launch our application on the Marketplace. We found out that a lot of people were struggling with the existing Rails libraries and the OAuth authorization method, therefore we would like to provide this tutorial to help other developers. I would like to thank Dušan Maliarik for building this implementation with me and finding the solution for using the two-legged OAuth authorization.
1. The initial setup
Before you start programming there is some required setup. You first have to add a new application on the Google Apps Marketplace. You will need a Vendor Profile for this and a Google account. Sign In to the Marketplace with your Google account and go to your Vendor Profile using the link at the top-right of the Marketplace homepage.After you enter some information about your company, there will be a list of your applications called “Listings.” You need to create a new listing to develop and test your application. When you create a new listing, check the box which says “My product may be directly installed into Google Apps domains.” This is necessary if you want the application to have an “Add it Now” button on the listing page, and allows you to add a Manifest to describe the application.
A Manifest describes all the settings of your application, like the name, URL’s and required permissions. Below you can find an example manifest. You will need to change all fields surrounded by brackets [ ].
<?xml version="1.0" encoding="UTF-8" ?>
<ApplicationManifest xmlns="http://schemas.google.com/ApplicationManifest/2009">
<Name>[ApplicationName]</Name>
<Description>[Description]</Description>
<!-- Administrators and users will be sent to this URL for application support -->
<Support>
<!-- URL for application setup as an optional redirect during the install -->
<Link rel="setup" href="[ApplicationSetupUrl]?domain=${DOMAIN_NAME}" />
<!-- URL for application configuration, accessed from the app settings page in the control panel -->
<Link rel="manage" href="[ApplicationAdminUrl]?domain=${DOMAIN_NAME}" />
<!-- URL explaining how customers get support. -->
<Link rel="support" href="[ApplicationHelpUrl]" />
<!-- URL that is displayed to admins during the deletion process, to specify policies such as data retention, how to claim accounts, etc. -->
<Link rel="deletion-policy" href="[ApplicationPolicyUrl]" />
</Support>
<!-- Show this link in Googles universal navigation for all users -->
<Extension id="navLink" type="link">
<Name>[ApplicationName]</Name>
<Url>[ApplicationLoginUrl]?domain=${DOMAIN_NAME}</Url>
<!-- Used APIs -->
<Scope ref="contactFeed"/>
<Scope ref="spreadsheetFeed"/>
<Scope ref="doclistFeed"/>
</Extension>
<!-- Declare our OpenID realm so our app is white listed -->
<Extension id="realm" type="openIdRealm">
<Url>[ApplicationRealm]</Url>
</Extension>
<Scope id="doclistFeed">
<Url>https://docs.google.com/feeds/</Url>
<Reason>[Reason]</Reason>
</Scope>
<Scope id="contactFeed">
<Url>https://www.google.com/m8/feeds/</Url>
<Reason>[Reason]</Reason>
</Scope>
</ApplicationManifest>
You should decide whether you want to create a setup page. During the installation process of the application you will be redirected to the URL you specified in the manifest under “setup”. This is useful for collecting additional information necessary for configuring the app, or setting up a new umbrella account for the company. The umbrella account allows you to use other users of the domain as sub-users. You can also retrieve other information, like the administrators of the domain, the logo of the Google Apps account, or the domain name of the Google Apps account. If you don’t want to redirect customers to your site during the installation process, then just remove the line from your manifest.
2. Rails libraries and OpenID
The code you’re going to use relies on several Rails plugins and gems. The plugins/gems needed for this tutorial are listed below.- OAuth Gem
- Ruby-openid
- Rack-openid
- Ruby-openid-apps-discovery
def login
# The domain needs to be set. For example with params[:domain]
authenticate_with_open_id(params[:domain]),
{ :required => ["http://axschema.org/contact/email"], :return_to => /login}) do |result, identity_url, registration|
if result.successful?
# Succesfully logged in, retrieve email address
email = get_email(registration)
else
# Failed to login
end
end
end
def get_email(registration)
ax_response = OpenID::AX::FetchResponse.from_success_response(
request.env[Rack::OpenID::RESPONSE])
ax_response.data["http://axschema.org/contact/email"].first
end
After reviewing this code sample you can alter it for using it with the setup page. Authenticate with OpenID when a user goes into the setup procedure and redirect them to the actual setup page after they are authenticated.
After your setup page is complete you can add your Google Apps Marketplace listing to your Google Apps account. Note that administrator privileges are necessary to add the application to your Google Apps account. You can add the application from the Vendor Profile when you click on your newly created application. A big blue button will appear on the right side of the listing’s information page. More information on this process can be found on the Creating a Listing page in the Marketplace developer documentation.
3. Using the Google Data APIs
When using the Google Data APIs outside of the Apps Marketplace you have to get access to a user’s data using three-legged OAuth, AuthSub or ClientLogin. These authorization methods require your application to redirect the user to Google’s site to request authorization. Because you’ve already authenticated the user by using OpenID and an administrator has granted authorization to the user’s data when they added your application to their Google Apps domain, you don’t want to use these methods.For the Google Apps Marketplace there is another option-- two-legged OAuth. Two-legged OAuth allows your application to use a single consumer key and secret (available from the Vendor Profile) to access the data for all your customers who have installed the Marketplace app and granted the appropriate permissions. Because the administrators have granted permission on behalf of their users, each user does not need to be prompted individually.
The first thing you should try is to retrieve a contact list of a user. You could use it for auto completion on forms, or you can let users quickly add friends to your application.
CONSUMER_KEY = "Your-consumer-key"
CONSUMER_SECRET = "Your-consumer-secret"
def get_contacts
# Retrieve contacts
email = "user@email.com"
url = "https://www.google.com/m8/feeds/contacts/default/full?xoauth_requestor_id=#{email}"
contacts = gdata_request(url, :get)
end
def gdata_request(url, method, headers = {}, data = "")
uri = URI.parse(url)
# Setting up two-legged-oauth
consumer = OAuth::Consumer.new(CONSUMER_KEY, CONSUMER_SECRET)
oauth_params = {:consumer => consumer, :method => method, :request_uri => uri.to_s}
# Set Net:HTTP connection
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.port == 443)
if method == :post
req = Net::HTTP::Post.new(uri.request_uri)
req.body = data
else
req = Net::HTTP::Get.new(uri.request_uri)
end
# Set authorization header
oauth_helper = OAuth::Client::Helper.new(req, oauth_params)
req.initialize_http_header(headers.merge({Authorization => oauth_helper.header}))
# Execute request
response = http.request(req)
response.body
end
The feature we struggled with the most during the integration of Floorplanner was the two-legged OAuth authorization. There was no documentation available for the gems and it took some attempts to get it right. We turned to the OAuth Playground to find out the differences between our own request and the working request. After numerous tries we found out that we need to specify the HTTP method in order to get it working. It was important to use the Net::HTTP::Post request when sending information and Net::HTTP::Get request when retrieving information. This sounds logical, but it also needed to be done when retrieving the authorization header in the OAuth Client Helper, as well as in the Net HTTP request. Now we have this code, we can generate a request for almost every call in the Google Data API’s.
In the next example, you will use the Google Docs API to send a CSV file to a user’s Google Docs account. You need to do a POST request to the Google Docs feed. The request is almost the same as in the previous example, only you need to add two more headers. One is the Content-Type where you specify the MIME type you want to send. In this case, you’re uploading a CSV file so “text/csv” will do. Another header you need to send is the Slug. This value specifies the name you want for the document in Google Docs. Another way of doing this is adding meta-data to the body of the request. More information on this method can be found in the the Google Docs documentation.
def submit_csv_to_gdocs
email = user@email.com
url = https://docs.google.com/feeds/default/private/full?xoauth_requestor_id=#{email}
# Create new CSV
csv = StringIO.new
CSV::Writer.generate(csv, ,) do |line|
line << ["Example 1", "Example 2"]
end
csv.rewind
# Send request
gdata_request(url, :post,
{ Content-Type => text/csv,
Slug => test.csv,
GData-Version => 3.0 },
csv.read)
end
Now, this is all you need to get started with the Google Data API’s. Be sure to check out the Google Apps Marketplace Developer overview for more information and to see which API’s you could use and how to use these. I would advise to check out the OAuth Playground if you have any problems with authorization. Using the playground with two-legged OAuth is very easy. Just follow these steps:
- Set the signature method to HMAC-SHA1
- Type in your consumer key and consumer secret (these can be found in your Vendor Profile)
- Set your Feed URL (step 6)
- Set GData-version to 3.0 unless the API only supports 2.0
- Click execute
Thank you for reading this tutorial. I know this isn’t the best approach on using two-legged OAuth but it will give you some insight. The best way would be to build in two-legged OAuth support in the Google Data APIs Ruby Utility Library. I haven’t done that yet but am planning to look into that soon. If you have any questions or comments, I would love to hear from you. You can email me at vincent@floorplanner.com.
One last note: These code snippets are just examples of how to use the Google Apps Marketplace with Rails. I would advise you not to use these examples in a production environment.
Want to weigh in on this topic? Discuss on Buzz
Labels:
and,
application,
apps,
google,
integrating,
marketplace,
rails,
the,
with,
your
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.