Authenticating using Password Credentials OAuth

[jwaern]

Im trying to Authenticate my application using Password Credentials OAuth (http://disqus.com/api/docs/auth/) with hardcoded username and password, here is my C# code:

string URI = "https://disqus.com/api/oauth/2.0/access_token/";
string myParameters = "grant_type=password&client_secret=[SECRET-KEY]&client_id=[PUBLIC-KEY]&scope=read,write";

WebClient wc = new WebClient();

string authInfo = "[username]" + ":" + "[password]";
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
wc.Headers["Authorization"] = "Basic " + authInfo;

wc.Headers["ContentType"] = "application/x-www-form-urlencoded";
string HtmlResult = wc.UploadString(URI, "POST", myParameters);

This returns a 400 (Bad Request) error.It says in the disqus docs "This type of flow is restricted to approved applications only, so you must request access first.", I'm not sure if that might be the problem, but I've been unable to find a way to "request access" for my app, or is this for premium users only?

[David Cramer]

As the message states we limit access to this method due to security concerns.

Is there any reason you can't use a standard OAuth flow in this case?

--
--
http://groups.google.com/group/disqus-dev?hl=en

[jwaern]

Hi David,

the reason I want to use this method is that we have a bunch (20ish) of administrators on one site, and I want them to be able to edit the comments without having to log in anywhere else but our admin-page.

Dunno if that's a good reason but there it is :)

/ Jens

[David Cramer]

Could you do the standard oauth redirect flow

--
--
http://groups.google.com/group/disqus-dev?hl=en

[jwaern]

The reason I want to avoid that is that I don't want all admins to share one disqus-login but at the same time I don't want to force them all to create disqus-accounts of their own. It would be ideal for me to hardcode the login for my one account so noone has to worry about loging in / authenticating anywhere.

[David Cramer]

That to me days you want to share the same login, which unfortunately is not something we provide. You can achieve the same auth flow using oauth and the token, even if you share the same auth token in the app. I highly recommend registering accounts for each person though ad it will save you a lot of effort in the future

--
--
http://groups.google.com/group/disqus-dev?hl=en

[jwaern]

Ok, you're right I was hoping to share one login with all my admins this way, I'll have a look at using oauth/token.

Thank you David for your time!

[David Cramer]

Like I said, I don't recommend it. That said, you can easily just pass the same ouath token for all users.

-- 
David Cramer

twitter.com/zeeg

disqus.com/zeeg

--
--
http://groups.google.com/group/disqus-dev?hl=en