OAuth2 authentication


sacha

Nov 25, 2013, 8:25:39 AM
to europe...@googlegroups.com
Hi,

I'm having a devil of a time understanding how I use OAuth2 to access the new My Europeana bits of the API (https://www.assembla.com/spaces/europeana/tickets/405 - I'm told this stuff is now available on the live server too).

My scenario is an overnight harvester which will take a particular user's Saved Items and import them into another system. As such, it is a non-interactive OAuth client, so if there is any redirecting to login servers etc I will need to automate the login (I have the user's credentials) -- but I can't imagine this would be necessary. What I do imagine to be necessary is for the user to allow my client to access his details - once, as part of setting things up.

As I'm new to OAuth I'm unsure of how it works exactly. I've read the client portions of the OAuth2 RFC but have a hard time relating it to the information I have about Europeana OAuth2 access:

*OAUTH2*

For access to all user functions the API server requires full
authentication of the API client by its public key & private key
combination. Public = username, private = password.
For the OAUTH2 the following URLs are required:
token = http://europeana.eu/api/oauth/token
authorize = http://europeana.eu/api/oauth/authorize

There are plenty of examples out there of how to access Twitter and Facebook via OAuth2, but in my ignorance of OAuth2 I can't tell how their concepts map to Europeana. In any case, there always seems to be a bit where it says, "and now the redirect to the login page" which suggests the examples are for interactive apps.

I'm using Python rauth (https://rauth.readthedocs.org/en/latest/) to prototype a client. If I can get that to work I can sniff the HTTP traffic and understand the interactions.

As I understand it, I need to:
  1. register my client with Europeana to obtain a client id and client secret -- but how/where?
  2. obtain an access token from http://europeana.eu/oauth/token -- I think this will involve interactive authorisation (the user granting my client access to his details), but hopefully only once?
  3. thereafter, have my client refresh/authorise the token (via http://europeana.eu/oauth/authorize) before I make API requests

Does anyone have experience of this, or know enough about OAuth2 to advise? My kingdom for some sample code!
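
Added example, not part of the original post and not Europeana's code: the standard RFC 6749 authorization code grant mapped onto the two endpoints quoted above, with the user consenting once and the overnight job using only the refresh token afterwards. That Europeana follows this grant and issues refresh tokens is an assumption; the function names, `TokenStore`, the client id and the redirect URI are hypothetical.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints exactly as quoted in the post; the rest is assumed from RFC 6749.
AUTHORIZE_URL = "http://europeana.eu/api/oauth/authorize"
TOKEN_URL = "http://europeana.eu/api/oauth/token"

def consent_url(client_id, redirect_uri):
    """One-time interactive step: URL the user opens to grant access."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, checked on return
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_redirect(redirected_url, expected_state):
    """Pull the authorization code out of the redirect, verifying state."""
    params = parse_qs(urlparse(redirected_url).query)
    if "error" in params:
        raise ValueError("authorization refused: " + params["error"][0])
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding response")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]

def exchange_form(code, redirect_uri):
    """Body POSTed once to TOKEN_URL, client id/secret sent as HTTP Basic."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}

def refresh_form(refresh_token):
    """Body the nightly job POSTs to TOKEN_URL; no user interaction."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token}

class TokenStore:
    def __init__(self, response, now=None):
        self.refresh_token = None
        self.update(response, now)
    def update(self, response, now=None):
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        # A refresh response may omit refresh_token: keep the stored one.
        self.refresh_token = response.get("refresh_token", self.refresh_token)
        self.expires_at = now + int(response.get("expires_in", 0))
    def needs_refresh(self, now=None, skew=60):
        now = time.time() if now is None else now
        return now >= self.expires_at - skew
```

The harvester never handles the user's password in this flow: it persists only the refresh token, which should be stored with the same care as a credential.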

