requests-oauthlib icon indicating copy to clipboard operation
requests-oauthlib copied to clipboard

Published 20 hours ago verified publisher icon requests

xAuth support?

Open mdorn opened this issue 9 years ago • 2 comments

Some Twitter applications (see https://dev.twitter.com/oauth/xauth) use the "xAuth" variant of oAuth, as does the full Instapaper API: https://www.instapaper.com/api/full

This implementation of the Instapaper API uses python-oauth2 and actually works properly: https://github.com/rsgalloway/instapaper/blob/master/instapaper.py#L132 (See also https://github.com/rsgalloway/instapaper#basic-usage)

But it's not clear to me how to adapt requests-oauthlib to accomplish this. Any pointers?

mdorn avatar Aug 19 '15 02:08 mdorn

Interesting. Right now, I absolutely don't: however in a week or so I'll have much more resource freed up to pursue this.

If you're interested in trying the work yourself, the first thing to do is to understand how xAuth differs from OAuth, and whether oauthlib contains all the stuff we need to make this work properly. If it does, then you can make the changes directly here: if not, you'll need to make changes there first.

Lukasa avatar Aug 19 '15 06:08 Lukasa

Thanks for the response @Lukasa. I've poked around in the docs and source code for both libraries, but with limited to time to devote to this, it's not obvious to me how to make this work or where any changes would need to be made, so I'm going to have to use the other library for now.

Essentially, in xAuth three parameters need to be added to an initial oAuth 2.0 request to get the access token to make requests:

  • x_auth_username
  • x_auth_password
  • x_auth_mode (value must be client_auth)

Here's what the HTTP request headers for successful session look like (using the library I mentioned above) to get a list of articles in an Instapaper account:

Get access token:

POST /api/1/oauth/access_token HTTP/1.1
Host: www.instapaper.com
Content-Length: 284
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate
user-agent: Python-httplib2/0.9.1 (gzip)
oauth_nonce=73668924&oauth_timestamp=1439950916&oauth_consumer_key=afc1234...&[email protected]&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=xZE2uVhf2q4UqoAfm5hD2BtBh60%3D&x_auth_mode=client_auth&x_auth_password=p@ssw0rd

Get list of articles:

POST /api/1/bookmarks/list HTTP/1.1
Host: www.instapaper.com
Content-Length: 272
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate
user-agent: Python-httplib2/0.9.1 (gzip)
oauth_nonce=52102555&oauth_timestamp=1441686076&oauth_consumer_key=afc1234...&oauth_signature_method=HMAC-SHA1&limit=10&oauth_version=1.0&oauth_token=2c9ad17024714fb68b07abdd117af2b&folder_id=unread&oauth_signature=1eZ%2FM2FRyGCxaezzuKQ%2AAIE4Z5g%3E

If you're interested in following up on this, let me know how else I can help.

mdorn avatar Sep 21 '15 16:09 mdorn