Flex RIAs can’t call Google APIs

I’ve been looking into ways to access the Google APIs from Flex recently for an Air Project I’m planning to build in my spare time.

I managed to get the following process working fairly easily in AIR:

Step 1: User enters their Google login details which then get passed to google’s https://www.google.com/accounts/ClientLogin API login script which returns a string of variables including the google session authorization variable.

Step 2: Using the Auth variable passed back from a successful google login you can then call the many Google data APIs available – in the example I built after a successful login the app simply retrieves the user’s google contact list.

This all seemed to be working fine in Adobe AIR.

It was when I tried to port this to a web based RIA that I started running into obstacles.

Most of the problems are down to google’s lack of / restictions in their crossdomain.xml

There’s a crossdomain file here:

http://www.google.com/crossdomain.xml

But it doesn’t include the <allow-access-from domain=”*” /> tag  🙁

Plus there’s no crossdomain.xml file on google secure domain https://www.google.com domain which needs to be called to get the authorization variable to access the various APIs.

Even when you run a Flex app locally in a browser you run into further problems if you ever get past the login stage you then need to send the ‘Authorization’ head with “auth=[the_key]” with every API call in the header of you HTTP request.

But guess what? As of flash player 9.0.115 the “Authorization” header was been blacklisted! So it just gets ripped out of the request and the call to google fails!

From reading other posts I understand that you can now use the Authroization header with more recent versions of Flash Player but…

The site you’re calling requires this to be added to the crossdomain file:

<allow-http-request-headers-from domain="*" headers="Authorization"/>

More info from Adobe here:

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403184&sliceId=2

No – that node doesn’t not exist in Google’s crossdomain file! Lol.

So, my next attempt to get round this obstacle involved downloading Abdul Qabiz’s as3httpclient library for adding headers to your http requests from Flex.

This actually gets round the header issue very well and did allow me to call Google Contacts API request url and include the required Authorization header. Locally that is…

As soon as I then tried to run the working files on my remote web server I saw that for socket calls too (this is how the as3httpclient make requests) also requires a crossdomain.xml for socket calls 🙁

I give up – am just going to stick to building an AIR app where it all just works…