OAuth Authorization Callback

PhoShizzlePhoShizzle Registered Users Posts: 3 Beginner grinner
edited August 29, 2011 in SmugMug API Support & Integrations
Hi,

*First Post!*

Does the OAuth Authorization Callback work? Whenever I click the authorize button the next page does not provide a link to the callback URL or perform a redirect to the callback URL. The oauth_callback parameter is present in the URL (and is visible in the browser address bar).

Thanks

Comments

  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited March 5, 2009
    Hey John,

    Welcome :D

    We don't support the oauth_callback in the Authorization step, as we believe that arbitrarily assigning that at runtime is a security flaw. In the event that a consumer's token and secret is compromised such functionality actually aides someone in masquerading as the consumer without anyone's knowledge. Since it's in our best interest to protect our customers, we chose not to implement it.

    However, we do support setting a static oauth_callback against a consumer's token...go to the Settings tab of the control panel, and click the 'Change' link next to the details for your api key and you will be able to enter one.

    Hope this helps.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
  • PhoShizzlePhoShizzle Registered Users Posts: 3 Beginner grinner
    edited March 5, 2009
    Lightbulb moment!

    Did I miss this in the documentation somewhere?

    I think how you have implemented it is better than passing at runtime.

    Thanks David
  • PhoShizzlePhoShizzle Registered Users Posts: 3 Beginner grinner
    edited March 5, 2009
    Excellent stuff, that works perfectly. Thanks again David.
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited February 7, 2010
    I just encountered a problem in Control Panel/Settings /API Keys

    I've got two API keys. In my control panel, I can go into the first (older) key and set the app url and oauth callback url, click save and the "box" closes and "Changing API key" display and goes away.

    I try the same with the new API key (just requested and received tonight), click Change the "box" opens, enter the app url and oauth key and click Save. The "box" does not close, but the "Changing API key" display and goes away but the box remains open and the information is not saved...
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited February 7, 2010
    BeachBill wrote:
    I just encountered a problem in Control Panel/Settings /API Keys

    I've got two API keys. In my control panel, I can go into the first (older) key and set the app url and oauth callback url, click save and the "box" closes and "Changing API key" display and goes away.

    I try the same with the new API key (just requested and received tonight), click Change the "box" opens, enter the app url and oauth key and click Save. The "box" does not close, but the "Changing API key" display and goes away but the box remains open and the information is not saved...

    what browser are you using ?
    David Parry
    SmugMug API Developer
    My Photos
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited February 7, 2010
    devbobo wrote:
    what browser are you using ?

    I've tried Firefox 3.5.7, Chrome 4.0.249.78 (36714) and IE8 on Vista and Safari 4 on OS X Snow Leopard.

    Same results on all four.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited February 7, 2010
    BeachBill wrote:
    I've tried Firefox 3.5.7, Chrome 4.0.249.78 (36714) and IE8 on Vista and Safari 4 on OS X Snow Leopard.

    Same results on all four.

    yeah, found this issue...it's fixed internally.
    David Parry
    SmugMug API Developer
    My Photos
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited February 7, 2010
    devbobo wrote:
    yeah, found this issue...it's fixed internally.

    Thanks!

    Will the fix roll out to the live site some time this week?
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited March 1, 2010
    Dev, I'm still having this problem. Has the fix been rolled out to live yet, or do you know when it will be?
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited March 1, 2010
    BeachBill wrote:
    Dev, I'm still having this problem. Has the fix been rolled out to live yet, or do you know when it will be?

    Hey Bill,

    Sorry I didn't follow up....it's fixed but you will need to get a new api key.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited March 1, 2010
    Thanks, can you delete the key that I requested on 2010-02-06? ...since I won't be using it and it might get confusing seeing it in my control panel.
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited March 1, 2010
    BeachBill wrote:
    Thanks, can you delete the key that I requested on 2010-02-06? ...since I won't be using it and it might get confusing seeing it in my control panel.

    It should appear as 'Closed' in your control panel now.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
  • BeachBillBeachBill Registered Users Posts: 1,311 Major grins
    edited March 1, 2010
    devbobo wrote:
    It should appear as 'Closed' in your control panel now.

    Thanks!
    Bill Gerrard Photography - Facebook - Interview - SmugRoom: Useful Tools for SmugMug
  • mattwrightmattwright Registered Users Posts: 124 Major grins
    edited August 27, 2011
    devbobo wrote: »
    We don't support the oauth_callback in the Authorization step [...] However, we do support setting a static oauth_callback against a consumer's token...go to the Settings tab of the control panel, and click the 'Change' link next to the details for your api key and you will be able to enter one.

    Please put this in the docs! :) Spent a while tracking this down...

    Maybe as an asterisk to section ii.4 of the authentication flow at: http://wiki.smugmug.net/display/API/OAuth

    Thanks,

    Matt
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited August 29, 2011
    mattwright wrote: »
    Please put this in the docs! :) Spent a while tracking this down...

    Maybe as an asterisk to section ii.4 of the authentication flow at: http://wiki.smugmug.net/display/API/OAuth

    Thanks,

    Matt

    done, thanks :D
    David Parry
    SmugMug API Developer
    My Photos
Sign In or Register to comment.