search

ddo / oauth-1.0a

OAuth 1.0a Request Authorization for Node and Browser
MIT License
325 stars 116 forks source link

Working with Etsy Api - Example? #10

Closed villanus closed 10 years ago

villanus commented 10 years ago

Hello, I am trying to use your OAuth library, with Etsy Api to manage products. This is going to be used for personal use, so security is not an issue.

Trying to figure out how I can get a request token, and store it for signed requests. Can you please show a client side example (preferably etsy) on how to authenticate with oauth, and then save credientials for future requests?

THANKS IN ADVANCE

https://www.etsy.com/developers/documentation/getting_started/oauth

ddo commented 10 years ago

i tested, follow the below steps:

init

var request = require('request');
var OAuth   = require('oauth-1.0a');

var oauth = new OAuth({
    consumer: {
        public: 'xxx',
        secret: 'xxx'
    }
});

Obtaining Temporary Credentials - request token

var request_data = {
    url: 'https://openapi.etsy.com/v2/oauth/request_token?scope=email_r',
    method: 'POST'
};

request({
    url:    request_data.url,
    method: request_data.method,
    form:   oauth.authorize(request_data),
    json:   true //parse respone as json
}, function(err, res, data) {
    // {
    //     login_url: 'https://www.etsy.com/oauth/signin?oauth_consumer_key=xxx&oauth_token=xxx&service=v2_prod',
    //     oauth_token: 'xxx',
    //     service: 'xxx',
    //     oauth_token_secret: 'xxx',
    //     oauth_callback_confirmed: 'true',
    //     oauth_consumer_key: 'xxx',
    //     oauth_callback: 'oob'
    // }
}

access the login_url to get the credential (oauth_verifier) 

var request_data = {
    url:    'https://openapi.etsy.com/v2/oauth/access_token',
    method: 'POST',
    data: {
        oauth_verifier: 'xxx'
    }
};

var token = {
    public: 'xxx',
    secret: 'xxx'
}

request({
    url:    request_data.url,
    method: request_data.method,
    form:   oauth.authorize(request_data, token)
}, function(err, res, data) {
    // oauth_token=xxx&oauth_token_secret=xxx
});

access the login_url to get the credential

Obtaining Token Credentials - access token

var request_data = {
    url: 'https://openapi.etsy.com/v2/oauth/access_token',
    method: 'POST',
    data: {
        oauth_verifier: 'xxx'
    }
};

var token = {
    public: 'xxx',
    secret: 'xxx'
}

request({
    url: request_data.url,
    method: request_data.method,
    form: oauth.authorize(request_data, token)
}, function(err, res, data) {
    // oauth_token=xxx&oauth_token_secret=xxx
});

Making an Authorized Request to the API - since you got the tokens you can use oauth-request to play around with the API

var request_data = {
    url: 'https://openapi.etsy.com/v2/users/__SELF__',
    method: 'GET'
};

var token = {
    public: 'xxx',
    secret: 'xxx'
}

request({
    url: request_data.url,
    qs: oauth.authorize(request_data, token),
    json: true
}, function(err, res, data) {
    // {
    //     count: 1,
    //     results: [{
    //         user_id: 53899516,
    //         login_name: 'ddooo',
    //         primary_email: 'joeddo89@gmail.com',
    //         creation_tsz: 1411796074,
    //         referred_by_user_id: null,
    //         feedback_info: [Object],
    //         awaiting_feedback_count: 0
    //     }],
    //     params: {
    //         user_id: '__SELF__'
    //     },
    //     type: 'User',
    //     pagination: {}
    // }
});
villanus commented 10 years ago

Sorry, I am not able to get this to work with Jquery Client side Javascript. I get Access-Control-Origin header issues.

Here is what I have translated to client side Jquery code so far. 

<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64-min.js"></script>
<script src="oauth.js"></script>

<script>
/*
var request = require('request');
var OAuth   = require('oauth-1.0a');
*/

var oauth = new OAuth({
    consumer: {
        public: 'xxx-keystring',
        secret: 'xxx-shared-secret'
    }
});

var request_data = {
    url: 'https://openapi.etsy.com/v2/oauth/request_token?scope=email_r',
    method: 'POST'
};

$.ajax({
    url: request_data.url,
    type: request_data.method,
      form:   oauth.authorize(request_data),
    json:   true //parse respone as json

}).done(function(err, response, data) {
    console.log(done);
});

</script>
ddo commented 10 years ago

you can't do it on website, unless your client side is an extension or something else that allows cross domain requests

https://github.com/ddo/oauth-1.0a#client-side-usage-caution

villanus commented 10 years ago

Makes total sense. I feel like an idiot. So I guess the only alternative is to create some sort of asp.net service or something to proxy the requests right?

ddo commented 10 years ago

Only modern browsers disallow the cross domain requests, all the oauth request should be called on your server side, the client side just communicate with your server.

in your case:

etsy <--> your server <--> website

If your client side is not a website, you can send the cross domain i believe. But you should do same as above since we can protect our secret key.

villanus commented 10 years ago

Great. Let me look into this a bit. If i get a good proxy solution (php, asp) I will post my findings here. Thank you so much in advance.

villanus commented 10 years ago

So I disabled Cross Domain limitation in chrome, and now it seems like i can connect to etsy api just fine. (I know this is not good practice but for our needs its fine).

When I run the code above, etsy returns error 400.

villanus commented 10 years ago

looks like they require SSL when trying to do this on the client. Going to try and do it via NginX reverse proxy and see if that gets us anywhere.

ddo commented 10 years ago

sure :)

https://openapi.etsy.com/v2/oauth/