We have an API :) - Page 8

I'll look for workarounds around the popup behavior.

Diafol, were you trying to use the Javascript OAuth code on the documentation page or on the JS demo page? The one on the JS demo page is click-initiated, and that should prevent the popup blocker.

OK connecting with your client_id and client_secret might not work for the next 20-30 minutes while I switch over to the new system. I'll let you know when :)

Diafol, were you trying to use the Javascript OAuth code on the documentation page or on the JS demo page? The one on the JS demo page is click-initiated, and that should prevent the popup blocker.

Twas this one:

<script type="text/javascript">
<!--
var client_id = 120589;
var access_token;

$(function() {
    // Check to see if this page is loaded in the popup we created
    if (window.opener != null && !window.opener.closed)
    {
        // Copy the hash (which includes the access token) received from the
        //  OAuth process to the main window for parsing and close the popup
        opener.location.hash = window.location.hash;
        window.close();
    }
    else
    {
        // Load a popup window pointing to the OAuth dialog
        var url = 'http://www.daniweb.com/api/oauth/dialog?client_id='
            + client_id + '&redirect_uri=' + window.location;

        // We set the location for the popup after we create it to workaround
        //  popup blockers that have a same-origin policy
        var dialog = window.open('', 'oauth', 'height=460,width=1180');
        dialog.location = url;

        // Event listener for a hash change in the URI
        $(window).on('hashchange', function() {
            // If the URI hash changed and it's not empty ...
            if (window.location.hash != '')
            {
                var string = window.location.hash.substr(1);
                var query = string.split('&');
                var param;

                // Parse the URI hash to fetch the access token
                for (var i = 0; i < query.length; i++)
                {
                    param = query[i].split('=');
                    if (param[0] == 'access_token')
                    {
                        access_token = param[1];
                        break;
                    }
                }

                // We now have the access token
                if (access_token !== undefined)
                {
                    alert('Your access token is ' + access_token);
                }               
            }
        }); 
    }
});
//-->
</script>

Yeah that one is going to block the popup. Use the other one :)

Also, I finally got application credentials set up. Sorry it took so long but I kept getting interrupted by the phone a billion times.

You know what would be a cute idea? How about writing a bookmarklet that polls for latest posts in articles you're watching or for your new private messages as you browse the web. You'll get an instant alert wherever you are instead of waiting up to an hour for the email notification to come in.

I get an alert instantly... Is that normal?

The "Watched Article Updates" emails should not be coming in more than once an hour.

The "Watched Article Updates" emails should not be coming in more than once an hour.

Well, i guess my account is special then (i recieve it basically instantly) :)

Maybe people just reply to your posts around the time of the email.

I can confirm my article updates arrive hourly at 10 minutes past the hour.

Maybe people just reply to your posts around the time of the email.
I can confirm my article updates arrive hourly at 10 minutes past the hour.

That could be the solution, thanks :)

That's the purpose of OAuth :)

The purpose of OAuth is so that you can access the account of any member (aka be that member) without the need for them to give you their username or password.

The security key is not what's needed to impersonate their account. It's meant to be hard coded into the application that you write as a security measure to authenticate yourself as the application's programmer.

Try copying and pasting the OAuth 2.0 demo that I have. When you visit the page, it should say "Hi, riahc3! and a PHP variable will be set with all of your information". When I visit the page it will say Hi Dani and the variable will be set with all of my information.

Basically OAuth handles that entire process described above: It makes you log in, forces you to log in if you aren't already, checks your cookies, and then it gives the application access to variables about your account.

When you pass the client_id and client_secret into your OAuth application, that is NOT meant to be passing in the credentials of the end-user using the application. That is simply the credentials of the application's developer, meant to be hard-coded into the application.

Your application will automagically have all the credentials of the end user who is using the application at the time, including their personal profile settings, their private messages, their own recommended / watched / viewed articles, etc.

Everything was better understood until the bolded part. What?

From what I am understanding, the key validates my app. OK thats good and great, but I am understanding that if I put a users name in, I can access (both that can be read and written) a lot of information....

OK thats good and great, but I am understanding that if I put a users name in

No, not if you put a user's name in. If that user, themselves, uses your app. For example, if I start using your app, your app will have access to my private messages, etc.

Here's an example. Suppose you write a browser plugin that gives instant notifications each time someone receives a new private message. You didn't just write the plugin yourself. You want lots of people to use it.

So everyone who uses it will see notifications when they receive private messages. Therefore, the application needs access to the private messages of the end user who is using the app.

Here's another example:

Suppose you wanted to use the API to write a mobile version of DaniWeb. That mobile version would need the ability to log members in, and allow members logged into the mobile version to do things like read their PMs.

The API also lets you vote on posts and watch articles on behalf of other members because that is functionality that would be useful for a mobile application.

Damn you Dani....You removed the secret key from the documentation page because I gave you the idea of reading the page and getting it from there.

Im going to start to shut up from now on :P

My intentions are not server/client side web apps. They are desktop (and in the future, maybe mobile) apps. When you implemented your API, Im sure that was not the way it was ment to be but...

Is there a limit of applications we can register?

Damn you Dani....You removed the secret key from the documentation page because I gave you the idea of reading the page and getting it from there.

LOL, no I didn't. Because you actually misunderstood how the system works and didn't realize you don't need the secret key of other members.

I moved it to a different page to accomidate one member having multiple secret_keys associated with different applications that they should write.

Register an application for each unique piece of software you create. The website domain you register with your app is checked against the domain that the OAuth request comes from. There's really no advantage at all to registering multiple apps unless you have multiple domain names.

My intentions are not server/client side web apps. They are desktop (and in the future, maybe mobile) apps. When you implemented your API, Im sure that was not the way it was ment to be but...

On the contrary, all of that was kept in mind :)

Working on it....

DotNetAuth.OAuth2.Providers.LiveOAuth2 l = new DotNetAuth.OAuth2.Providers.LiveOAuth2();

            DotNetAuth.OAuth2.ApplicationCredentials a=new DotNetAuth.OAuth2.ApplicationCredentials();
            DotNetAuth.OAuth2.IOAuth20StateManager i = null;

            a.AppId = "2";
            a.AppSecretId = "lolcatz";
            l.GetAuthorizationRequestParameters(a, "http://www.daniweb.com/api/access_token", "?",i);

Documentation on OAuth2 and C# is very poor

I don't know C# at all, and I just randomly googled this, but here is a C# OAuth 2.0 library:

http://www.dotnetopenauth.net/

Here is a Google API client library for .NET that you might be able to modify to work with our API.

Our API adheres to the OAuth 2.0 protocol, so third party libraries should work out of the box.

I don't know C# at all, and I just randomly googled this, but here is a C# OAuth 2.0 library:

http://www.dotnetopenauth.net/

Here is a Google API client library for .NET that you might be able to modify to work with our API.

Thats the library Im using to try getting OAuth to work.

From what Ive been reading its a pain; Posted it in the C# section and Im trying to see if someone can give some advice.

I see youve replied in the thread; Thank you for helping.

Getting a damn 400 bad request reply....

Will keep at it....Dont have much to do.

Aww, I'm sorry you can't get it to work. I feel bad and wish I knew C# to help you!

I'm actually going to make some modifications now to return detailed error messages, so the 400 Bad Request stuff will actually say things like "client_secret is wrong".

I'm actually going to make some modifications now to return detailed error messages, so the 400 Bad Request stuff will actually say things like "client_secret is wrong".

Yes, that would give some ideas for me on what to look for...

I daily (like many others on this forum) work with PHP (main), MySQL, shell scripting, Java (main), Javascript (main), C# , some C++ and today I saw Delphi. Sometimes the most simple things I cant get thru my head (reason why you'll see me autor of many stupid threads)

And yes, I think now I see that the OAuth system is similar to Google APIs where you have a key to work with the api and such. Im blown how I missed that.

If you're familiar with PHP, why don't you begin by getting it to work perfectly in PHP and become familiar with it? Then move on to C#. Also, if you have a lot of Javascript experience, check out the JS-based implementation.

First get the ones that are just copy/paste from our demo to work before moving on :)

Have you read the Step-by-step instructions in the left column next to the code on the Documentation page? That should shed some light.

What happened to the member location data? Wasn't that part of the 'geo' object/array?

What happened to the member location data? Wasn't that part of the 'geo' object/array?

Not all members have entered their location, and the geo array will be empty for those who haven't. You will only see the full geo array for your own profile.

Oh, you're right! It's a bug that was introduced where you can't see any geo info for another member. Fixing!

Fixed!

What harm would come of a client firing mass get requests at the server?

Just found myself in an infinite loop firing at the server and wondered what impacts (if any) it could have?