Hello again kind and benevolent people of the internet.
I was reading Kathryn Hurley's write up on using OAuth with Fusion Tables (link here: OAuthandFusionTables), and also studying an answer from Odi to my earlier question(s) on the on this subject (link here: My previous question), and also have read & reread the google-api-javascript-client library reference (link here: gapi reference) but I'm still very much puzzled by the apparent behavior regarding Fusion Tables, oAuth2.0, and the google-api-javascript-client library as revealed on the Javascript API example provided by Google (link here: Google Example Javascript gapi with Fusion Tables).
For the Google Javascript API example:
A.) Why doesn't the Fusion Table oAuth request for table insert and update using the gapi-client javascript library acutally use the returned oAuth token in the sql request string?
...or put another way: B.) When using the google-api-javascript-client library what actual good is the access Token?...how is the returned authorization token actually used per Kathry Hurley's write for "Application 2 - Creating an application that allows users to access their own Fusion Table data"?
...or put another way: C.) Is perhaps the https ssl connection between the browser session and the Google Fusion Table server that is actually 'authorizing' and allowing the access?...and this is sometype of ssl connection (which I don't really understand)...and not the access token at all allowing access, and the token is just a returned "flag" that indicates the session is good/connected/ok when using the gapi-client?
Or D.) Am I simply hallucinating?...and not properly seeing something with the Javascript API example and/or the gapi client library?
Here's some more details:
First try out the Javascript API example (again link here: Google Example Javascript gapi with Fusion Tables) ...it's really quite good, and for me a challange to understand.
Second try out my "hack" of this API example, that throws in an bunch of alerts (so I could keep track of what is going on), and also that writes the SQL strings to the screen: (link here: My example hack of the Google gapi example)
And as best I can see from my hack of the example, for both the "Create Table" and for the "Insert data" the access authToken is not part of the sql string submitted to Fusion Tables: Example:
{"b":{"path":"/fusiontables/v1/query","method":"POST","params":{},"headers":{"Content-Type":"application/x-www-form-urlencoded","Content-Length":105},"body":"sql=INSERT%20INTO%201zkJhx0XdI3SsguI2Pided-m28mNSzI0MsMKNhY0%20(Name%2C%20Age)%20VALUES%20('test'%2C%204)"}}
There is no auth access token in the above string.
But per Kathry Hurley's write up (on OAuth 2.0 and Fusion Tables), here are the steps, paying particular attention to step 7:
0 Register your application
1 User Visits your web application
2 Your web application redirects the user to Google Authorization page
3 User grants your web application access
4 Google redirects the user back to your web application and returns an authorization code
5 Your application requests an access token and refresh token from Google 6 Google returns access token, refresh token, and expiration of access token
7 Access token can be used for all subsequent requests to Fusion Tables, until the token expires
8 When the access token expires, the refresh token is used to request a new access token
Step 7 above seems to stipulate the Access token is used for subsequents requests. ...and the provided sample code shows the access token being included:
urllib.urlencode({
'sql': 'SHOW TABLES',
'access_token': access_token
}),
Soooo...I'm puzzled by the difference in the apparent behavior of the gapi.client library in the Google example (which does not apparently submit the access token on the sql request string when doing inserts or updates) and the write up on how the access auth token is supposed to be submitted when accessing Fusion Tables.
Perhaps some folks could shed some light? thanks in advance
