OAuth is a messy process that puts a proxy between your user account and some service. It's a many-to-many relationship, usually called an "App," and allows you to set access restrictions between your user account (full access) and what the App can access.
For example, you may have a protected Twitter account, but want a service to archive the tweets of everyone you follow. You would give this service read access, so that it could see who you're following, but you wouldn't let it tweet for you or send your followers direct messages. But let's say you want your Wordpress to automatically tweet for you when you create a new post, with a link to the blog post. In that case, you would give the service write access, to tweet on your behalf.
More and more services are requiring OAuth for all connections, as a way of simplifying the API. I guess that's admirable, though I wouldn't say necessary. OAuth is kind of annoying from a developer's point of view (and yours, apparently, if you're here). I have a lot of accounts that I meticulously created, but I still can't use them directly; I have to wrap them in OAuth to use the API.
AutoAuth, this repository, intends to make it easy for you to create such a wrapper with the least amount of pain.
The goal is full read & write access, as close to full user account credentials as is possible given the particular endpoint (Twitter, Flickr, Facebook, etc.)
In general, the process works like this:
AutoAuth. This will result in another pair of credentials, an OAuth Access Token and OAuth Access Token Secret.
To recap, the goal is (usually) to end up with four credentials:
On Mac OS X:
brew install phantomjs
Your personal Twitter account will have a pre-formed access token and secret at the bottom of the page, but I take it you're going to be authenticating multiple accounts programmatically. Otherwise, those should work just fine (and you don't need this
AutoAuth script at all).
52a351d5ca79a57d26d3ace89d2a8e1dand a "Secret" like
cd68f50112d1cb57. These are important! Keep them handy. They are your "App Key" and "App Secret."
http://henrian.com/, for example.
Then simply run
auth.js with the App Key and App Secret values as
--password with your account credentials. And, of course,
Disclaimer: Yahoo! is requiring a captcha from me, just to log in, so this isn't currently working as it ought to.
For the time being, simply run the script, use the url it generates (put it in the browser and follow the instructions, then copy the verifier bit in the querystring. Re-run
--reqsecret set to the output from the previous run of
--verifier to that bit from the URL.
If you know how to get around that captcha issue, let me know. It's probably some JS trigger that I'm missing in the verifier script. Damn you web 2.0.
Each new service requires a new phantomjs module in
verifiers/ and some
additions to the clients hash in
You'll run the
auth.js script, replacing your username and password with actual values:
node auth.js --provider twitter \--appkey xkNtpnwJdmbSE6uDH0vsF --appsecret hqgCs6kzXfaHT5pS8GdyEo93V04QMUI7u2JtxcZKB1N \--username thisisnotme --password r5Q4cERliu
That is just the command line interface. You can also use the Node.js library as a module!
const autoauth = ;const key = 'xkNtpnwJdmbSE6uDH0vsF';const secret = 'hqgCs6kzXfaHT5pS8GdyEo93V04QMUI7u2JtxcZKB1N';const user = 'thisisnotme';const password = 'r5Q4cERliu';autoauth;
Copyright © 2012-2013, 2017 Christopher Brown. MIT Licensed.