Home/ Questions/Q 3801806
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T14:06:29+00:00

I’m currently trying to access a Google service via a Chrome extension. My understanding

  • 0

I’m currently trying to access a Google service via a Chrome extension. My understanding is that for JS apps Google’s preferred authentication mechanism is OAuth. My app currently successfully authenticates via OAuth to the service.

The preferred mechanism to query the service is via SOAP. However SOAP has it’s own ‘auth token’ concept which is set in the body of the XML. I do not have a old-style ‘ClientLogin’ token to use per Google’s docs.

How can I run SOAP queries using my OAuth-authenticated access token? Or should I be using different mechanism to query or authenticate?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Answering myself:

    Authenticate to OAuth via the normal mechanism, ie, in JS:

    var oauth = ChromeExOAuth.initBackgroundPage({
 'request_url': 'https://www.google.com/accounts/OAuthGetRequestToken',
 'authorize_url': 'https://www.google.com/accounts/OAuthAuthorizeToken',
 'access_url': 'https://www.google.com/accounts/OAuthGetAccessToken',
 'consumer_key': 'anonymous',
 'consumer_secret': 'anonymous',
 'scope': 'https://domain_for_your_api/',
 'app_name': 'Your app name'
});

    Then authenticate and run your SOAP requests as a callback:

    function authenticateAndGetAlerts() {
    oauth.authorize(runMyRequest);
}

    The SOAP header is a smaller version of what’s documented, omitting the fields that are only necessary for ClientLogin API. 

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://adwords.google.com/api/adwords/mcm/v201008" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201008" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <SOAP-ENV:Header>
  <ns1:RequestHeader xsi:type="ns2:RequestHeader">
   <ns2:developerToken>Your developer token</ns2:developerToken>
   <ns2:userAgent>Your app name</ns2:userAgent>
  </ns1:RequestHeader>
 </SOAP-ENV:Header>

    Body is per normal.

    Then POST this using the appropriate method (oauth.sendSignedRequest in JS) that will add the required OAuth fields to the query string:

    var request = {
 'method': 'POST',
 'body': soapenvelope
};   
oauth.sendSignedRequest(url, callback, request);

    Done. If you need to do the query manually rather than use sometong like sendSignedRequest, it looks like:

    servicename.google.com/where/your/service/lives?oauth_consumer_key=anonymous&oauth_nonce=something&oauth_signature=something&oauth_signature_method=HMAC-SHA1&oauth_timestamp=something&oauth_token=something

    TLDR: OAuth in query string, omit all auth info from SOAP header.

    • 0