Does oauth gives the same rights as smugmug.login.withPassword

kounchkounch Registered Users Posts: 7 Beginner grinner
edited February 1, 2010 in SmugMug API Support & Integrations
I recently implemented oauth in my android application JustPictures!.

I see discrepancies of access rights between oauth and smugmug.login.withPassword methods. More specifically, users didn't need to provide their password when accessing password protected galleries when they were logged in through smugmug.login.withPassword, but using oauth, they seem to have to provide it.

Am I wrong ? is there a way around or will I have to detect the gallery is password protected and request the user to provide a password ?

thanks for any help you can provide.

Comments

  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited February 1, 2010
    yeah, there is something missing from the documents which controls this.

    when you send the user to the authorize url, there two additional parameters which control what the OAuth session can do.

    - Access: Public (default) or Full
    - Permissions: Read (default), Add or Modify

    So you just append these to your request like...

    &Access=Full&Permissions=Add

    So, as per your original question, giving 'Full' access to OAuth grants the token access to all unlisted/password protected galleries just like smugmug.login.withPassword.

    But you need to remember that just because your app requests the specific access, a user can modify it in the control panel, so you can't assume that you requested is actually what you get. Calling smugmug.auth.checkAccessToken returns the Access/Permissions that the user has granted your app.

    If you don't have full access to someone's account, you can determine if an album is password protected using the Passworded property.

    Let me know if you have any questions.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited February 1, 2010
    actually, it is in the documentation...step 1 under 'Obtaining User Authorization'
    David Parry
    SmugMug API Developer
    My Photos
  • kounchkounch Registered Users Posts: 7 Beginner grinner
    edited February 1, 2010
    You're right, that was it.
    do you know if I (as the app developper) can revoke all current auth tokens that users have been generating in the meanwhile (with Public access instead of Full) ?
    I need to have them change the access from Public to Full, but for now the only way of doing it seems to be for them to go to their settings on smugmug and change the access (as redoing the authorizatioon process doesn't change the access level...)

    thanks a lot, and sorry that I missed this part of the doc.

    cheers
Sign In or Register to comment.