Desktop App and OAuth2
344 views
Skip to first unread message
Oliver Bindel
Feb 15, 2022, 9:00:17 AM2/15/22
to Etsy API
hi,
i am developing a desktop application with Etsy access. Integration of the 2.0 Api worked well, now with Api v3 and OAuth2 i need a redirect URL which i dont have in a desktop app.
That means Etsy Integratin is now only available for Webapps?
Oliver
david olick
Feb 15, 2022, 4:18:31 PM2/15/22
to Etsy API V2
I can imagine that if you "implemented your own browser" (or included a browser with redirect hooks)... you could request Etsy's oauth page, have them log in, let them approve the scopes and allow access, and intercept the redirect to a website and instead capture the token information for your app.
You would still need to give a website name to Etsy to approve your redirect URLs, but this entire process should work.
FYI: by "implement your own browser", I mean do a GET request to a url (with cookie support), parse the relevant info you get from Etsy's servers, and display the important information to your user. You wouldn't need to fully support all HTML, just support reading the important text and links you get from Etsy.
FYI: by "implement your own browser", I mean do a GET request to a url (with cookie support), parse the relevant info you get from Etsy's servers, and display the important information to your user. You wouldn't need to fully support all HTML, just support reading the important text and links you get from Etsy.
I don't know if this is at all against Etsy's Terms of Service. If you are considering such an option, I would suggest looking into whether this process is OK or not. Maybe even confirm with an Etsy developer.
That all said, I think it's pretty clear Etsy's v3 API was not designed for a product or service without a website.
--
You received this message because you are subscribed to the Google Groups "Etsy API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etsy-api-v2...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/etsy-api-v2/1ba50ce1-c50d-4665-9999-dc02becbda5bn%40googlegroups.com.
Anne
Feb 17, 2022, 8:28:57 AM2/17/22
to Etsy API
Hi Oliver,
If you already have a valid token that you are using with the v2 API you can get an OAuth2 refresh token for v3 by exchanging it, as documented here:
https://developer.etsy.com/documentation/essentials/authentication/#exchange-oauth-10-token-for-oauth-20-token
You don't need to go through the standard web-based process if you are only using your application for a single shop and already have a legacy token. To authenticate from a desktop app without doing the refresh, you would need some sort of web app to participate in the authentication process, but once you acquire a refresh token (valid ~90 days) you can persist that, likewise you can just persist the refresh token from the exchange without using a web app. When you use the refresh token to get an access token, you get a new refresh token which you can persist, automatically extending the duration. Hope that helps.
Anne
david olick
Feb 17, 2022, 6:22:17 PM2/17/22
to Etsy API V2
I think what you suggested should work for Oliver right now.
That said, I'd like to add some pressure to Etsy's API developers to create a better solution. Because, if for whatever reason Oliver's refresh token expires, Oliver won't have a way to regain access to API v3. That definitely isn't ideal. Also, if someone else's on Oliver's team doesn't have a v2 token and they need a v3 token, there's a limited time window for them to create a v3 token.
Etsy should have a way for desktop applications to create v3 tokens (maybe even a dedicated page on Etsy's website).
I got a PM from someone who made the suggestion of adding localhost to your list of redirect URI's (for example, add https://localhost:8000 to https://www.etsy.com/developers/your-apps). I haven't tested that, however I am told that doing that will work.
That said, I'd like to add some pressure to Etsy's API developers to create a better solution. Because, if for whatever reason Oliver's refresh token expires, Oliver won't have a way to regain access to API v3. That definitely isn't ideal. Also, if someone else's on Oliver's team doesn't have a v2 token and they need a v3 token, there's a limited time window for them to create a v3 token.
Etsy should have a way for desktop applications to create v3 tokens (maybe even a dedicated page on Etsy's website).
I got a PM from someone who made the suggestion of adding localhost to your list of redirect URI's (for example, add https://localhost:8000 to https://www.etsy.com/developers/your-apps). I haven't tested that, however I am told that doing that will work.
The biggest issue I see with adding localhost is that any application written by anyone would now be able to request tokens and pretend to be your app. It breaks the only security Etsy put in place for v3 token authentication.
--
You received this message because you are subscribed to the Google Groups "Etsy API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etsy-api-v2...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/etsy-api-v2/f96a753c-8c04-4dd5-a11c-80241f4cb617n%40googlegroups.com.
Oliver Bindel
Mar 31, 2022, 1:44:22 PM3/31/22
to Etsy API
You can enter https://localhost to the redirect uris, but brings other problems to the desktop app. You can run a http Server, if your app runs in admin mode or if you reserve a port on the command line, , httpS is also a problem, you would have to install certs first on the os, all
is not reasonable for a user. So there are two ways left
1. If the app runs in Admin mode, open a local HTTP server, this works only if i enter a HTTPS redirection URL of a website of my webserver which redirects to the local HTTP server, so i dont need certs local.- then i fetch the code from the response
2. if the app runs in normal mode, Use a redirect url to my website, which displays the code and the user has to copy it to the application.
Reply all
Reply to author
Forward
0 new messages