Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xAuth support? #191

Open
mdorn opened this issue Aug 19, 2015 · 2 comments
Open

xAuth support? #191

mdorn opened this issue Aug 19, 2015 · 2 comments

Comments

@mdorn
Copy link

mdorn commented Aug 19, 2015

Some Twitter applications (see https://dev.twitter.com/oauth/xauth) use the "xAuth" variant of oAuth, as does the full Instapaper API: https://www.instapaper.com/api/full

This implementation of the Instapaper API uses python-oauth2 and actually works properly: https://github.com/rsgalloway/instapaper/blob/master/instapaper.py#L132
(See also https://github.com/rsgalloway/instapaper#basic-usage)

But it's not clear to me how to adapt requests-oauthlib to accomplish this. Any pointers?
@Lukasa
Copy link
Member

Lukasa commented Aug 19, 2015

Interesting. Right now, I absolutely don't: however in a week or so I'll have much more resource freed up to pursue this.

If you're interested in trying the work yourself, the first thing to do is to understand how xAuth differs from OAuth, and whether oauthlib contains all the stuff we need to make this work properly. If it does, then you can make the changes directly here: if not, you'll need to make changes there first.

@mdorn
Copy link
Author

mdorn commented Sep 21, 2015

Thanks for the response @Lukasa. I've poked around in the docs and source code for both libraries, but with limited to time to devote to this, it's not obvious to me how to make this work or where any changes would need to be made, so I'm going to have to use the other library for now.

Essentially, in xAuth three parameters need to be added to an initial oAuth 2.0 request to get the access token to make requests:

  • x_auth_username
  • x_auth_password
  • x_auth_mode (value must be client_auth)

Here's what the HTTP request headers for successful session look like (using the library I mentioned above) to get a list of articles in an Instapaper account:

Get access token:

POST /api/1/oauth/access_token HTTP/1.1
Host: www.instapaper.com
Content-Length: 284
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate
user-agent: Python-httplib2/0.9.1 (gzip)
oauth_nonce=73668924&oauth_timestamp=1439950916&oauth_consumer_key=afc1234...&[email protected]&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=xZE2uVhf2q4UqoAfm5hD2BtBh60%3D&x_auth_mode=client_auth&x_auth_password=p@ssw0rd

Get list of articles:

POST /api/1/bookmarks/list HTTP/1.1
Host: www.instapaper.com
Content-Length: 272
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate
user-agent: Python-httplib2/0.9.1 (gzip)
oauth_nonce=52102555&oauth_timestamp=1441686076&oauth_consumer_key=afc1234...&oauth_signature_method=HMAC-SHA1&limit=10&oauth_version=1.0&oauth_token=2c9ad17024714fb68b07abdd117af2b&folder_id=unread&oauth_signature=1eZ%2FM2FRyGCxaezzuKQ%2AAIE4Z5g%3E

If you're interested in following up on this, let me know how else I can help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mdorn @Lukasa