[Question] Upload Images From Third Party App?

[pierotofy]

Hello :hand:, I'm currently looking into the feasibility to add a plugin to WebODM (https://github.com/OpenDroneMap/WebODM) to allow one-click map sharing of datasets to OAM.

I have a few questions in that regard, not sure if this is the right place:

• Is it possible for apps outside of OAM to upload images at this point?
• Is there an official documentation page for the API (source code will do as well, which files should I look at)?
• Are tokens still required to do uploads? I ask because I noticed that I can now log-in with a Google Account to OAM, but there's no way to retrieve a token from my profile page, however I can upload images directly from my account, so I'm a little confused as to what form of authentication a third party app would need to provide to authenticate. Perhaps a token is already associated with my account but it's just not shown?

Thank you.

[pierotofy]

Anyone here? :smile:

[mojodna]

@sharkinsspatial is likely most familiar with this.

[smit1678]

@pierotofy 👋 we had sent a couple notes to @smathermather a little while back just get started: https://gist.github.com/smit1678/2ae2fbe611eabc7a97cd574f835c5a4c. But a couple inline comments to keep this going:

Is it possible for apps outside of OAM to upload images at this point?

Yes, just needs a little work

Is there an official documentation page for the API (source code will do as well, which files should I look at)?

This isn't fully complete yet but @sharkinsspatial can help point to the right places more and help outline

Are tokens still required to do uploads? I ask because I noticed that I can now log-in with a Google Account to OAM, but there's no way to retrieve a token from my profile page, however I can upload images directly from my account, so I'm a little confused as to what form of authentication a third party app would need to provide to authenticate. Perhaps a token is already associated with my account but it's just not shown?

No tokens are not required anymore. There is a new endpoint at the moment and we're going to build that out more.

[sharkinsspatial]

Hi @pierotofy. Sorry for not seeing this earlier. OpenAerialMap is in the process of consolidating several component repos and the functionality from oam-uploader-api has been incorporated into the oam-catalog, so I have not monitored issues on this repo. See https://github.com/hotosm/oam-browser/issues/220 for more background on this.

As a result, API authentication was shifted to using cookies which limits usability for third party apps. For a recent integration with the DroneDeploy app marketplace we have included some new endpoints for obtaining a jwt via Facebook or Google OAuth. This token can then be used for making authenticated requests to upload images.

You can view the token retrieval process here and here. Are your users currently using social logins for OpenAerialMap or do they have older email based accounts? If social logins don't work for your users, we can coordinate on some other token generation methods. Currently, due to DroneDeploy application siloing, oam-catalog uses a message passing scheme to return the token, but we can provide other endpoints to return tokens directly for your application if necessary.

Once you have a valid token you can use the simplified upload endpoint with some url parameters and one body element to POST uploads. You can see an example of constructing this POST url here. This request requires a single body element download_path which is a publicly accessible url where the image can be download.

Again, apologies for the lack of documentation on this since this functionality is rather new and this will be the first third party application integration. I can try to write up some docs for this if you think you would find it useful. Please ping me with any questions you have and let me know whatever we can do to help out with the integration.

[pierotofy]

Thank you both! The example code is straightforward enough.

If I can give my two cents, it would really facilitate things (from a third party perspective) to either have:

1. Ability for users to create "upload tokens" within OAM to upload imagery. A user would log-in to OAM, create a token, then use that token in third party apps for uploads.
2. Not sure this would work due to security and the way oauth works, but a popup/iframe page within openaerialmap.org that could allow a user to log-in (from another domain) and send the token back to the requester.

What are the current plans for the new endpoint?

[pierotofy]

Hey @sharkinsspatial, users can use social logins if necessary (although I think tokens would work a lot better, see 1) in my previous comment).

No worries! Code for documentation works just fine for me. 😄 thanks a lot for the links.

The reason for preferring tokens in our case is that WebODM is currently not centralized, people download it and install it on their infrastructure, so if they wanted to use oauth they would have to create social apps in order to get a clientID/secret pair. We could provide a central point of authentication on webodm.org, but that would be less than ideal.

If there's the possibility to add such token mechanism, please let me know. I'd be happy to help.

[sharkinsspatial]

@pierotofy Option #1 is definitely doable and would be relatively easy to implement. I will coordinate with @smit1678 and see if we can get this stood up for you. Out of curiosity, what do you think is a reasonable token expiration time for this type of use case.

[pierotofy]

Since users would be managing the creation/deletion of tokens, I wouldn't let them expire on their own. Similar to how Mapbox and GitHub do it: https://www.mapbox.com/help/how-access-tokens-work/ https://github.com/settings/tokens. Given the lack of expiration, they should probably be limited in authorization scope (ex. only allow uploads, no read access to other information and nothing destructive).

[sharkinsspatial]

@pierotofy Sorry for the delay in implementing this. I will try to have something up and usable for you next week.

[pierotofy]

Thanks for the update @sharkinsspatial! No worries, and no rush.

[pierotofy]

Any updates? :smile:

[pierotofy]

@sharkinsspatial has any progress been made on this?

[sharkinsspatial]

Hi Piero:

Sorry again for the delay. I was not working on the project for the last month so this slipped a bit. Should have a pull request up this week.

Sean

On Sun, Jun 17, 2018 at 4:57 PM, Piero Toffanin notifications@github.com wrote:

@sharkinsspatial https://github.com/sharkinsspatial has any progress been made on this?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/hotosm/oam-uploader-api/issues/86#issuecomment-397902377, or mute the thread https://github.com/notifications/unsubscribe-auth/ADgE3jDAR6QnvfEyzToJ6t0F7FpyvmTUks5t9rSfgaJpZM4SoBwG .