jesseward / discogs-oauth-example

MIT License

OAuth and Discogs

The discogs-oauth-example repo was created to provide a very basic but functioning example of how a developer may utilize the python oauth2 library to download images and make authenticated calls against the Discogs API.

Changes or suggestions are welcome. Please log an issue or pull request via GitHub.

See https://github.com/jesseward/discogs-oauth-example

Requirements

Note: The Discogs team recently deprecated their Python Discogs-Client library. The Python3 Discogs Client was recently forked in order to continue support for Python developers.

OAuth in a nutshell

  1. Obtain consumer keys : The application developer registers their new application at https://www.discogs.com/settings/developers . Discogs assigns a consumer_key and consumer_secret for the application. This is a one-time action required on behalf of the developer and their application. Each application is assigned a unique value.

  2. Request a token : The application sends the consumer_key and consumer_secret to the request_token endpoint (http://api.discogs.com/oauth/request_token). Discogs returns a request_token and secret.

  3. Request user access : Request the user to grant access to your application. This is done by directing the user to a URL. The URL is generated by your application; it simply appends the request_token and secret returned in step 2 to http://www.discogs.com/oauth/authorize. If the user accepts this request, Discogs will return a verification code. Store this verification code for the next request (step 4).

  4. Request token verification : The application sends the request_token and request token secret along with the verification code to the Discogs API. If the API validates your request, you're returned an access_token and an access token secret. You must store or persist this access_token for the user.

  5. Fetching data via your access_token: You're now able to fetch data using the OAuth process. For all authenticated requests, you pass the access_token and access_token secret.