Really sorry if this sounds awfully noob but I've been playing around Python for the past couple of days.

I've been trying to make a desktop client. Long story short, I've managed to make it so it generates a URL for authorization. It goes like http://www.samplesample.com/authorize/oauth_token=[bigassstringhere]&oauth_callback=http://sometokenrecievingurl.com

Going to that URL, I get redirected to http://sometokenrecievingurl.com?oauth_token=[anotherbigassstring]&oauth_verifier=[yetanotherbigassstring]

So my question is: is there a way to get the oauth_token and oauth_verifier values without having to manually copy and paste the URL for authorization? Like, is there a way for Python to check the generated URL by itself, check the URL it's redirected to, then slice out the oauth_token and oauth_verifier part?

Again, sorry if this sounds simple to someone out there. I wouldn't be sure since I'm really new to this and I've been looking all over SO for relevant questions with no luck. Or maybe I'm just looking at the wrong links or terms. But yeah, any help would be appreciated.


Edit

Okay so I continued playing around and I realized I totally forgot a step here. The generated URL actually directs you to a page where I'll need to click whether to allow access or not. After clicking Allow, that's the only time I get redirected to http://sometokenrecievingurl.com?oauth_token=[anotherbigassstring]&oauth_verifier=[yetanotherbigassstring]

So I was wondering, how do I go on about extracting those strings from an open browser?

  • See if you get anything useful from here and here Commented Mar 18, 2014 at 5:47

1 Answer

According to the presence of the oauth_verifier in your URLs you are trying to get through the OAuth 1.0a authorization flow.

As stated in the OAuth 1.0a specification:

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API

Which means that you should run a web server to make use of this authorization protocol.

The OAuth 1.0a authorization flow looks roughly like this:

  1. Fetch the request token URL of the provider from your server. You need to provide plenty of request parameters and sign the request. You will need the oauth_token and oauth_token_secret from the response. You should save the oauth_token_secret to some persistent storage like DB or session because you will need it later in the flow.
  2. Redirect the user to the user authorization URL of the provider where you need to provide plenty of request parameters, one of which is also the oauth_token which you got in step 1 and the oauth_callback URL--a URL of your server where the provider will redirect the user after he/she grants access to your application.
  3. The provider redirects the user to the oauth_callback URL on your server. Here you should get the oauth_verifier and oauth_token from the request and retrieve the oauth_token_secret which you stored in step 1 and send them all with plenty of other request parameters including signature in a server-side fetch to the access token URL of the provider. Finally, the response should contain the oauth_token which is your desired access token with which you can access the user's protected resources through the provider's API.

If you want to authorize users in a native (non-server) application, then you should rather use OAuth 2.0, which also supports authorization for native applications. But it also depends on the provider.

I would not recommend that you implement this manually, especially not OAuth 1.0a, but rather resort to one of the many Python authorization frameworks.
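The callback handling in step 3, as an added example that is not part of the original answer: a desktop client can receive the redirect itself by listening on the loopback interface and checking that the returned oauth_token is the request token it was issued in step 1. It assumes the provider accepts a `http://127.0.0.1:<port>/` value for oauth_callback; `parse_callback` and `wait_for_callback` are hypothetical names.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs


def parse_callback(url, expected_token):
    """Return the oauth_verifier from a callback URL, or raise ValueError."""
    params = parse_qs(urlparse(url).query)
    token = params.get("oauth_token", [])
    verifier = params.get("oauth_verifier", [])
    # Reject missing or repeated parameters instead of silently picking one.
    if len(token) != 1 or len(verifier) != 1:
        raise ValueError("callback must carry exactly one token and verifier")
    # The token must be the request token issued in step 1 of this flow.
    if not hmac.compare_digest(token[0].encode(), expected_token.encode()):
        raise ValueError("oauth_token does not match pending request token")
    return verifier[0]


def wait_for_callback(expected_token, port=0, on_ready=None):
    """Serve on loopback until one valid callback arrives; return verifier."""
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                result["verifier"] = parse_callback(self.path, expected_token)
                status, body = 200, b"Authorized. You can close this tab."
            except ValueError:
                status, body = 400, b"Invalid callback."
            self.send_response(status)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep tokens out of stderr logs
            pass

    # Bind to 127.0.0.1 only so other hosts cannot reach the listener.
    server = HTTPServer(("127.0.0.1", port), Handler)
    if on_ready:
        on_ready(server.server_address[1])  # actual port when port=0
    while "verifier" not in result:
        server.handle_request()
    server.server_close()
    return result["verifier"]
```

The returned verifier, together with the oauth_token_secret saved in step 1, is what the signed access token request needs.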
