oAuth makes me cry inside
phillprice
Registered Users Posts: 2 Beginner grinner
:scratch I've been trying to get my little bonts around how it works all day?!
As far as I can make out this is what I have to send people to to give their authorisation and then (like flickr, zooomr, ipernity) a seperate requests goes tot he callback url with the bits needed to get a full token? Right??
SO here is goes...
http://api.smugmug.com/services/oauth/getRequestToken.mg?oauth_consumer_key=TbqNXCCFjDMAk1lNBaqNhgtnMIKXxAny&oauth_signature_method=HMAC_SHA1&oauth_signature=[errrr]
right firstly how do I get the signature into HMAC_SHA1 ? I found a lovely php function to do it ... apart from it requesting moth some data and a key... so what's the key? Is it the consumer secret?
Secondly = is this the correct format and content for the pre-encoded string?
GET&http%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.2.2%2F&oauth_consumer_key=TbqNXCCFjDMAk1lNBaqNhgtnMIKXxAny&oauth_nonce=bba367f1fad8c001dbf016e69e2d6437&oauth_timestamp=1243980817
3rdly Am I ANYWHERE near to the proper way? :cry
As far as I can make out this is what I have to send people to to give their authorisation and then (like flickr, zooomr, ipernity) a seperate requests goes tot he callback url with the bits needed to get a full token? Right??
SO here is goes...
http://api.smugmug.com/services/oauth/getRequestToken.mg?oauth_consumer_key=TbqNXCCFjDMAk1lNBaqNhgtnMIKXxAny&oauth_signature_method=HMAC_SHA1&oauth_signature=[errrr]
right firstly how do I get the signature into HMAC_SHA1 ? I found a lovely php function to do it ... apart from it requesting moth some data and a key... so what's the key? Is it the consumer secret?
Secondly = is this the correct format and content for the pre-encoded string?
GET&http%3A%2F%2Fapi.smugmug.com%2Fservices%2Fapi%2Fjson%2F1.2.2%2F&oauth_consumer_key=TbqNXCCFjDMAk1lNBaqNhgtnMIKXxAny&oauth_nonce=bba367f1fad8c001dbf016e69e2d6437&oauth_timestamp=1243980817
3rdly Am I ANYWHERE near to the proper way? :cry
0
Comments
If you are doing all this in php, you might want to have a look at this. I'm pretty sure that will be a heap either to implement than doing it yourself.
Let me know how you get on.
Cheers,
David
SmugMug API Developer
My Photos
Unfortunately I'm working on a WordPress Plugin so I can't guarantee they (or I) have the plug-in
At the moment I'm using login with password to get the hash and then use that to obtain sessions; but I (and they) won't like putting their password into their WP dashboard as I can't guarantee their dahsboard will be SSL (even though the underlying site-to-site is SSL)
ok no worries, let me answer your original questions
SmugMug API Developer
My Photos
The key needs to be a string like below...
[consumer secret]&[token secret]
when requesting a request token, obviously you don't have a token, so you use the string...
[consumer secret]&
this looks kinda right, except encoded url doesn't look right.
Firstly, a bit of background...SmugMug provides two different formats for the OAuth responses: an OAuth compliant one or one that returns our standard API responses.
If you use the endpoints, api.smugmug.com/services/oauth/getRequestToken.mg(or getAccessToken.mg), we return the OAuth compliant responses.
If you use the endpoints, api.smugmug.com/services/api/[type]/1.2.2/?method=smugmug.auth.getRequestToken, we return our standard api responses.
So in the url above, you need to either include the method parameter value pair (like what you have done with the oauth parameters)..or use the oauth compliant endpoint.
Hope this makes some sense.
Cheers,
David
SmugMug API Developer
My Photos