OAuthModule
Engine Compatibility
This library has not yet been ported to the New Pico Engine
OAuthModule is primarily a module to facilitate communications with external APIs that use OAuth 1.0a. Phil Windley has demonstrated an implementation of OAuth 1.0a in pure KRL.
Common Parameters
namespace
<namespace> generally refers to the <keyname> defined in the META block with the key keyword. It is possible to dynamically bind OAuth tokens to a <namespace> so you can associate multiple tokens to an OAuth 1.0a provider; ie: "twitter_dev" and "twitter_user"
Predicates
has_token
Returns 1 if the user has an OAuth 1.0a token associated with <namespace>
Namespace | string |
---|
needs_auth = oauthmodule:has_token("some_auth_provider");
Just because an account has an auth token does not mean that it is still valid or hasn't been revoked or timed out. This is a convenience function so you don't have to make a protected resource request to determine if this is a new account.
Actions
The oauthmodule provides the following familiar HTTP methods as protected resource requests; ie: the request will provide the proper request signature and tokens for OAuth requests.
- post
- put
- get
- head
- delete
- patch
oauthmodule:<method>(<namespace>) with url = <url> and headers = <map> and params = <map> and body = <string> and response_headers = <array> and access_tokens = <map>;
url : the base url for the protected resource request; ie: for twitter ("https://api.twitter.com/1.1/statuses/user_timeline.json")
headers : some APIs require specific information passed in a header or require that the OAuth information is passed in the header; ie: for google ('GData-Version' : 2.0)
params : additional information required by the source API
ie: for twitter's user_timeline
'params' : { 'include_entities' : 'true', 'include_rts' : 'true', 'screen_name' : "kynetx_test", 'count' : 2 }
body : where the particular HTTP method specifies that parameters are sent in the body, provide a properly encoded string; ie: form-multipart
req_body = << { "data" : { "title" : "Appointment title", "details" : "Meeting like a boss", "transparency" : "opaque", "status" : "confirmed", "location" : "San Peete, UT", "when" : [ { "start" : "2012-06-12T19:07:32Z", "end" : "2012-06-12T20:07:32Z" } ] } } >>;
response_headers : Some services will return a redirect. In that case, rather than try to parse the response content, you can request the 'Location' response header be included in the result
access_tokens : This value will pre-empt any values that might have been defined in the META block. This can be useful if you would like to make a request with your developer credentials rather than the user tokens, or if you have user tokens from an alternative source
Here is an example of a complete request to the Twitter v1.1 API that uses access_tokens to provide OAuth authentication
pre { myParams = { 'include_entities' : 'true', 'include_rts' : 'true', 'screen_name' : "kynetx_test", 'count' : 2 }; myTokens = { 'access_token' : '100844323-sldflsdfoopsdfop', 'access_token_secret' : 'ksdfoiso9foisdfoksdfoij' }; } oauthmodule:get('twitter') with url = 'https://api.twitter.com/1.1/statuses/user_timeline.json' and params = myParams and access_tokens = myTokens;
Functions
The oauthmodule provides the following familiar HTTP methods as protected resource requests; ie: the request will provide the proper request signature and tokens for OAuth requests.
- post
- put
- get
- head
- delete
- patch
The format is just like the comparable actions, but, instead of passing parameters using the modifier syntax, you place the parameters in a hash/map as the second argument
result = oauthmodule:get('twitter', { 'url' : 'https://api.twitter.com/1.1/statuses/user_timeline.json', 'params' : { 'include_entities' : 'true', 'include_rts' : 'true', 'screen_name' : "kynetx_test", 'count' : 2 }, 'access_tokens' : { 'access_token' : '100844323-sldflsdfoopsdfop', 'access_token_secret' : 'ksdfoiso9foisdfoksdfoij' }} );
get_auth_url
The authorization url is the url that the developer presents to the user to initiate the OAuth 1.0a dance. For Twitter and Google, the OAuth urls are well known so you can skip providing the OAuth URLs by using 'twitter' or 'google' as your namespace. In other cases, as a developer, you need to provide the 3 URLs specified by the OAuth protocol
auth_url_defaults = oauthmodule:get_auth_url('twitter'); explicit_oauth_url = oauthmodule:get_auth_url('v1.0a',{ 'request_token_url' => 'https://api.twitter.com/oauth/request_token', 'authorization_url' => 'https://api.twitter.com/oauth/authorize', 'access_token_url' => 'https://api.twitter.com/oauth/access_token' };
Google added the concept of 'scope' to their implementation of OAuth 1.0a, so a get_auth_url request for Google access to the Calendar API would look like
google_auth_url = oauthmodule:get_auth_url('google',{ 'params' : { 'scope' : 'https://www.google.com/m8/feeds/' } } );
You can force the authorization url to use HTTPS (for the callback) by specifying
secure_auth_url = oauthmodule:get_auth_url('twitter',{ 'use_https' : 1 });
You can also modify the behavior of KRL when the OAuth provider redirects the user to the KRL callback
Draft Specification
These options were created before the SKY eventing system was introduced. The implementation is likely to change if we update the functionality to be compatible with sky.
Raise a blue event
google_auth_url = oauthmodule:get_auth_url('google',{ 'raise_callback_event' => 'RCA', 'app_id'=>'a144x123'} );
Redirect to a specific page
google_auth_url = oauthmodule:get_auth_url('google',{ 'type' => 'redirect', 'url' => 'http://www.windley.com/'} );
Copyright Picolabs | Licensed under Creative Commons.