So far, we've been using simple authentication with REST APIs - we've obtained an access token from the API provider and then included that in our request in order to get data or use the service offered.
It's great when you can access data that way, but this generally only works for public data. You wouldn't want someone to be able to access, say, your bank account or emails just because they signed up and got an API key. You'd want to authorize them yourself, and your authorization should only allow them to have access to YOUR account (i.e. if Alice gives permission for an app to access her bank account, it should only allow the app to see her data - not the dat of everyone else at the bank).
OAuth was designed to let you write apps to access this kind of data. It's a framework (and if you care about these distinctions, it was once a protocol) that basically lets a user authorize an app to access data from a third site. That authorization gives you, the developer, a token that you can send to the third party to request the data from about the user.
The fact is, however, that OAuth can be kind of complicated and painful to use. There are modules or libraries in most languages to make it easier, but it can still be hard. For the purposes of this class, we'll be using OAuth with Twitter. The perl module for Twitter makes authenticating with OAuth quite straightforward. However, it's important that you generally know what OAuth is and how it works.
The videos below give you a good overview of OAuth, but it's more than you'll necessarily have to program in class (unless you decide to use some OAuth-oriented APIs for your final project). I'll introduce the Twitter perl module and how it handles OAuth after that.
As I said above, the Twitter API will be the main way we use OAuth in this class. We'll do this through the Net::Twitter perl module.
To authorize with OAuth on Twitter, you need to create a Net::Twitter object like this:
# As of 13-Aug-2010, Twitter requires OAuth for authenticated requests
my $nt = Net::Twitter->new(
traits => [qw/API::RESTv1_1/],
consumer_key => $consumer_key,
consumer_secret => $consumer_secret,
access_token => $token,
access_token_secret => $token_secret,
);
Note that this requires your consumer_key, consumer_secret, token, and token_secret. You get those from Twitter.The Twitter Developers site describes all this. First, sign up for a developer account if you don't have one. This can use your existing Twitter account. Then, go to https://apps.twitter.com/. Click on "Create New App". Fill in all the information. You can use anything you want for the Website section. Agree to the terms and Create your application.
Once that's done, click on the "Keys and Access Tokens" tab at the top of the page for your app. You'll see you already have a consumer key and consumer secret. Next you need to get access tokens. Further down on that same page, you'll see a button that says "Create my access token". Click that and you'll see you then get an Access Token and Access Token Secret.
This is what you need to create the Net::Twitter object. The Consumer Key goes in $consumer_key, the Consumer Secret in $consumer_secret, the Access Token goes in $token and the Access Token Secret in $token_secret.
Once you've done that, you can write code to interact with Twitter's API.
#!/usr/bin/perl
use Net::Twitter;
use Data::Dumper;
#put your keys and secrets here
my $nt = Net::Twitter->new(
traits => [qw/API::RESTv1_1/],
consumer_key => $consumer_key,
consumer_secret => $consumer_secret,
access_token => $token,
access_token_secret => $token_secret,
);
#enter a term you want to search for
$search_term = "halloween";
my $r = $nt->search($search_term);
print Dumper $r;
Here is the tumblr sample code
To generalize this a bit, let's try doing the same kind of authorization but on Tumblr, a microblog that is heavily image focused.
We're going to use the WWW::Tumblr perl module that you can download from CPAN.
First, you'll need to get yourself keys for Tumblr. Start by going to https://www.tumblr.com/oauth/apps and Registering an application. Then, at the main https://www.tumblr.com/oauth/apps page, click "Explore API". Next to your application. That will begin the OAuth step of the user allowing the app access to their account. When you authorize, you will end up on the Tumblr console that will show you all the keys and secrets you need for your code.
From there, we can plug those in to the sample code:
#!/usr/bin/perl
use Data::Dumper;
use WWW::Tumblr;
my $t = WWW::Tumblr->new(
consumer_key => "xxx",
secret_key => "xxxx",
token => "xxx",
token_secret => "xxx",
);
my $blog = $t->blog('timblr.tumblr.com');
print Dumper $blog->info;
Like with Twitter, the WWW::Tumblr module will handle all the steps of the OAuth process for you in the new() command. Once you've done that, you can get
information about Tumblr blogs. This code uses timblr.tumblr.com as an example. When you run the code, you will see JSON printed out that returns stats about the blog:
$VAR1 = {
'blog' => {
'title' => 'Ahhz.',
'can_subscribe' => bless( do{\(my $o = 0)}, 'JSON::PP::Boolean' ),
'updated' => 1485535586,
'share_likes' => bless( do{\(my $o = 1)}, 'JSON::PP::Boolean' ),
'name' => 'timblr',
'ask_anon' => $VAR1->{'blog'}{'share_likes'},
'description' => 'Tim / Austin, TX I /
II / III / IV / Archive / Ask ',
'total_posts' => 5142,
'is_nsfw' => $VAR1->{'blog'}{'can_subscribe'},
'posts' => 5142,
'likes' => 174,
'is_adult' => $VAR1->{'blog'}{'can_subscribe'},
'reply_conditions' => '3',
'subscribed' => $VAR1->{'blog'}{'can_subscribe'},
'is_optout_ads' => $VAR1->{'blog'}{'can_subscribe'},
'ask_page_title' => 'Ask me anything',
'ask' => $VAR1->{'blog'}{'share_likes'},
'url' => 'http://timblr.tumblr.com/'
}
};
This highlights both how OAuth works consistently across applications and how perl modules can consistently handle the work of the authorization process for you.
A good quick overview of what Oauth is for:
A bit more detail on the Oauth process
This one is kind of boring, to be honest, but it's a good description of what's going on.