User authentication for web applications

61 views
Skip to first unread message

Andreas Ehn

unread,
Feb 28, 2010, 2:10:28 PM2/28/10
to pylast
Hi,

Is there a (simple or right) way to use pylast for Last.fm user
authentication for web applications? It seems currently only the
scheme for desktop applications is supported.

http://www.last.fm/api/webauth vs http://www.last.fm/api/desktopauth

The difference is pretty small. Instead of first fetching a request
token and then redirecting your user to http://www.last.fm/api/auth/?api_key=<key>&token=<token>,
you redirect the user to http://www.last.fm/api/auth/?api_key=<key>
(no token) and then get a callback (in a way) through a redirect from
Last.fm to your web app which includes the generated token as a
parameter. Then you use that token with auth.getsession.

Cheers,
Andreas

Andreas Ehn

unread,
Feb 28, 2010, 7:29:10 PM2/28/10
to pylast
On Feb 28, 8:10 pm, Andreas Ehn <e...@a8n.se> wrote:

> Is there a (simple or right) way to use pylast for Last.fm user
> authentication for web applications? It seems currently only the
> scheme for desktop applications is supported.

I ended up supplementing SessionKeyGenerator.get_web_auth_session_key
like this (from pylast.py:880 onwards):

def get_web_auth_session_key(self, url="", token=""):
"""Retrieves the session key of a web authorization process by
its url or token."""

if url in self.web_auth_tokens.keys():
token = self.web_auth_tokens[url]

request = _Request(self.network, 'auth.getSession', {'token':
token})

Here is the patch:

--- original/pylast.py 2010-02-20 08:21:44.000000000 +0100
+++ new/pylast.py 2010-02-28 20:28:58.000000000 +0100
@@ -877,13 +877,11 @@

return url

- def get_web_auth_session_key(self, url):
- """Retrieves the session key of a web authorization process
by its url."""
+ def get_web_auth_session_key(self, url="", token=""):
+ """Retrieves the session key of a web authorization process
by its url or token."""

if url in self.web_auth_tokens.keys():
token = self.web_auth_tokens[url]
- else:
- token = "" #that's gonna raise a WSError of an
unauthorized token when the request is executed.

request = _Request(self.network, 'auth.getSession', {'token':
token})

Cheers,
Andreas

Owen Meyers

unread,
Mar 12, 2010, 12:07:38 PM3/12/10
to pylast
Great! Thank you Andreas. I was having difficulty figuring out how to
get web authentication working with pylast, but your patch has done
the trick.

Best,
Owen.

Reply all
Reply to author
Forward
0 new messages