Is SSL required to use the google plus api?

7
votes

Im fairly new to Oauth2.0.
I wanted to start using the Google Plus api.

I used the following resources

"Using OAuth 2.0 to Access Google APIs" documentation.

Google Plus Oauth Api scope key (https://www.googleapis.com/auth/plus.me).

After playing with curl and having success with other "scope keys" . I encountered the following error with the google plus scope (https://www.googleapis.com/auth/plus.me).

"Token invalid - AuthSub token has wrong scope"

Then i found the solution Google’s OAuth Pain: Token invalid – AuthSub token has wrong scope

It pointed out the following:

if you’re getting a “Token Invalid – AuthSub token has wrong scope” error when you’re trying to use OAuth (or even AuthSub for that matter?), make sure the scope you’re requesting is using the same protocol as you’re using

I did what he said , took the "s" off the scope "

http://www.googleapis.com/auth/plus.me

But now it gives me this error

enter image description here

Does this mean that your site MUST use SSL?

Thanks for the feedback.

EDIT: Turns out i was using the wrong api
Should be https://www.googleapis.com/plus/v1/people/me?access_token=xxxx

2
oauthgoogle-plus
The Google+ API endpoint is https://www.googleapis.com/plus/v1/. Google's OAuth2 Authorization Endpoint is https://accounts.google.com/o/oauth2/auth. I don't see any non-HTTPS URI anywhere.dtb
Yeah, using the HTTPS version resulted in, "Token invalid - AuthSub token has wrong scope" as pointed aboveBodman
Can you add steps to reproduce the problem?dtb
I think i found the issue. My last curl statement, il post the answer in a min.Bodman
Had the wrong URL in using my access_tokenBodman

2 Answers

7
votes

Your site doesn't need to use SSL but all calls it makes to the Google+ API must use HTTPS. See: http://developers.google.com/+/api/oauth for more information about OAuth scopes in Google+

3
votes

I found the answer, i was using the wrong url for the api

https://www.googleapis.com/plus/v1/people/me?access_token={hash}