Tumblr OAuth Tutorial

[John Drefahl]

So let me break it down for you all..  I am just going to run down all the issues and caveats that were discovered while I was hacking away at the Tumblr API.  In most cases you will not find any of these answers on the inter webs.  If you do, they most likely will just be my answers to my own questions that I posted to the Forums.

1. A Tumblr Application is defined by any page template either hosted by Tumblr or not that will be using the Tumblr API.  Applications must be registered with Tumblr at:  https://www.tumblr.com/oauth/apps
   
   
2. All Tumblr Applications upon creation are given a set of keys for accessing the Tumblr API.
1. OAuth Consumer Key aka API Key
2. Secret Key
   
   
3. The Tumblr API is divided mainly into two different types of methods.  The third being “Tagged” which is for pulling tagged posts from the Blog or the User.
1. “Blog Methods” which only require the submission of the Consumer Key.
2. “User Methods” which require a full OAuth signed request which meets the OAuth 1.0a Protocol.
1. The “User Likes” returns a maximum of 50 records at a time.  This is not documented in the Tumblr API docs.
   
   
4. Currently the Tumblr API documentation directs developers to use one of the many open source API clients.  However, all these clients seem to be Server Side applications.  For providers, such as Tumblr, which support only OAuth1 or OAuth2 with Explicit Grant, the authentication flow needs to be signed with a secret key that may not be exposed in the browser. HelloJS gets round this problem by the use of an intermediary webservice defined by oauth_proxy. This service looks up the secret from a database and performs the handshake required to provision an access_token. In the case of OAuth1, the webservice also signs subsequent API requests.
   
   
5. HelloJS - http://adodson.com/hello.js/ is the only client-side Oauth library that was available and free.  There are many services out there that charge on a per-api hit basis to serve as a proxy.
1. The HelloJS OAuth Proxy is available at: https://auth-server.herokuapp.com/
2. Login to the OAuth Proxy is done using one of the following social account credentials: Google, Windows Live, Facebook, or Yahoo.
3. OAuth Proxy serves as a secure “man in the middle” allowing for the “Secret Key” to be securely stored while still allowing for Client-Side OAuth authentication.
   
   
6. HelloJS features a special Tumblr Module - http://adodson.com/hello.js/demos/tumblr.html
   
   
7. HelloJS utilizes the new Javascript Promises asynchronous functions specification - https://www.promisejs.org/
   
   
8. Javascript Promises have some unique rules when it comes to passing objects received from an asynchronous AJAX call.
1. With everything is done in the callback.
2. What jQuery calls a promise is in fact totally different to what everyone else calls a promise.

Hope this helps for future Tumblr integrations.

John

[Wiley Snyder]

thx

--
You received this message because you are subscribed to the Google Groups "Tumblr API Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tumblr-api+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.