[Follow our blog posts, obsession with data, and original articles on Twitter @RJMetrics]
With the recent public release, we’re excitedly working on an easy interface that will allow our customers to view their Google Analytics data from their RJMetrics business intelligence dashboards. Jake’s been having a fun time putting this together, and today we tag-teamed a bizarre bug that we thought we’d share.
As a quick background, anyone who wants to pull data from Google applications (contacts, calendar, web statistics, etc) needs to first be granted permission to do so by the user who owns or has legitimate access to that data. Google originally built its own “Google Authentication Service” to accomplish this, and has also recently adopted the open API authorization protocol OAuth.
Using the Google Authentication Service is very easy– in fact, a simple script like the one found can be uploaded to test it out without any modification. In essence, here’s what happens:
- As a webmaster who wants to use a visitor’s data, you build a custom link that sends your visitor to a special Google page for permission authorization. You also send a variable that tells them where to redirect the user if they say it’s OK.
- The Google page recognizes the domain name of the redirect URL you sent and asks if the user is comfortable sharing his or her information with the website at that domain.
- Assuming they say yes, the users is redirected to the URL you specified, along with a token that you can then use to request their data via the Google API.
Optionally, you can make the permission authorization page less scary-looking (fewer warnings, etc) by “registering” your website with Google. This is a simple that basically associates a given URL with a Google Account.
Simple, right? We followed Google’s instructions and built the Google authorization URL exactly to specifications. However, when it was followed (from any machine) we received the following error:
The page you have requested cannot be displayed. Another site was requesting access to your Google Account, but sent a malformed request. Please contact the site that you were trying to use when you received this message to inform them of the error. A detailed error message follows:
The site “http://rjmetrics.com” has not been registered.
So here’s the strange part: site registration is optional, so the fact that we weren’t registered shouldn’t have mattered. In fact, if we changed the “next” variable in our custom Google URL (that’s the variable specifying where to send the user after approval) to any other domain (even one that didn’t exist), the process worked fine and the user could “grant access” and be sent back to whatever URL we had chosen… as long as it wasn’t rjmetrics.com.
Just to recap, we had an error message saying our domain “has not been registered,” but evidence that you don’t need to register your domain with Google in order for the page that generated the error to work. And, we couldn’t replicate this error on any of the dozens of other non-RJMetrics domains we tried. What made our domain so special? One thought was that we have always used Google Apps for our e-mail, calendars, etc, so our domain is already well known to Google (and at some point in time our ownership of the domain had been verified in some way).
While the error message was quite intriguing and somewhat nonsensical, our best chance at an easy fix was quite obvious: register our domain with Google. When I got to the domain registration page, things looked extremely familiar. I had done this before– way back when we first set up Google Apps for our domain I completed the steps on this exact same page. The only difference now was that, after registration was verified, we were given an OAuth Consumer Key and Token to use with that domain.
And that did it. As soon as we registered our site, the error message disappeared and the authorization process worked flawlessly.
OK, so the story is anticlimactic, but what’s really interesting is the error message we saw and the fact that our domain seemed exclusively exposed to this issue.
So, here’s what we think happened: At some point in time back before OAuth was being used by Google and possibly when the Google APIs were still young, we went through a “domain verification” process in order to use Google Apps with our domain. This created some kind of record on Google’s servers associated with the ownership of our domain name. However, when Google started using that same verification process to register domains for API usage (and slightly modified it to include OAuth), our legacy record stuck around but different or missing data associated with it.
Fast forward to today. We built the custom Google authentication URL that included our domain name as the “next” variable. Google found a record associated with our domain saying that it was registered in some way (thus not generating the page for un-registered URLs). However, our registration didn’t contain all of the information associated with API-related registrations. Since we didn’t qualify in either category, the result was the bizarre “not registered” warning (now especially bizarre since we actually were registered in some way).
When we went through the registration page this time, whatever old record had existed was overwritten and everything was repaired.
Anyway, if you get this error the quick fix is to simply register your domain with Google. Yes, we could have said that in a few hundred fewer words (heck, we could have tweeted it). What we enjoyed, however, was speculating about the origins of this strange behavior. We hope you enjoyed it too!