oAuth & API help for Newbie
lmissak
Registered Users Posts: 3 Beginner grinner
Hi, I just joined the forum and was looking into how to use oAuth and the API. I have been playing around with the javascript oAuth library found here http://oauth.googlecode.com/svn/code/javascript/. I've never used oAuth before and am confused on a few things. The example page from the above link has a "Get Request Token" form which generates an oauth_timestamp, oauth_nonce, oauth_signature, oauth_token and oath_token_secret using HMAC-SHA1. It then has an "Authorize" form which takes the request token value and sends it to http://api.smugmug.com/services/oauth/authorize.mg to bring up the SmugMug Authorize page where i click on the Authorize button and my App gets authorized. That's all good. What I don't understand is what do I do next????
So my app is authorized. Now, lets say, I want to create a new album. Using http://api.smugmug.com/services/api/json/1.3.0/ and method=smugmug.albums.create, where do I get the required oauth arguments from? Do i have to generate them each time I make one of these API calls or do i use the same values that I used to authorize the app in the first place? Sorry if this sounds totally basic but I've never done something like this before an I'm totally lost and haven't found any good examples of how to do it.
Any help would be much appreciated.
Thanks!
So my app is authorized. Now, lets say, I want to create a new album. Using http://api.smugmug.com/services/api/json/1.3.0/ and method=smugmug.albums.create, where do I get the required oauth arguments from? Do i have to generate them each time I make one of these API calls or do i use the same values that I used to authorize the app in the first place? Sorry if this sounds totally basic but I've never done something like this before an I'm totally lost and haven't found any good examples of how to do it.
Any help would be much appreciated.
Thanks!
0
Comments
2. generate an authorization url using your APIkey, temporary Token Id/Secret, Access level, and Permission Level
3. ask user authorize your app via the above url
4. use your OAuthSecret, APIKey, temp Token Id and Secret, call smugmug.auth.getAccessToken for a persistent Token ID and Token Secret
5. use your OAuthSecret, APIKey, and persistent Token ID and Secret for all subsequent requests
You'll need to juggle a persistent token ID & Secret pair per smugmug user
The persistent token ID & Secret are valid until your application forgets them, your OAuthSecret/APIKey changes, or the user changes/sacks your app in their control panel.
The perm and temp Token Id/Secret are supposedly keyed to only work with your OAuthSecret and APIKey
Also, once I have the persistent Token ID and Token Secret, do I still need to generate and send a unique oauth_nonce and oauth_timestamp each time I make an API call?
Thanks!
The signature is based on the timestamp and a nonce - both should change every request.
The lib really should be managing these details for you. the read me for that lib has a nice warning: 'This library isn't as useful as you think it's going to be.'
Try building a small test app using a mature library ( phpSmug isn't sexy, but works for me ) - once you have a reference, then maybe work on the javascript library so it manages the minutia before deploying an app using it
Thanks again!