8

I'm following the instructions mentioned here: https://api.stackexchange.com/docs/authentication

But since there is no code provided, I'm not able to understand the flow correctly.

I've been trying to get the authentication part done using two methods below but I have hit a deadend.

1)

import requests
from pprint import pprint

resp = requests.get('https://stackexchange.com/oauth/dialog?client_id=6667&scope=private_info&redirect_uri=https://stackexchange.com/oauth/login_success/')
pprint(vars(resp))

2)

import oauth2 as oauth
from pprint import pprint

url = 'https://www.stackexchange.com'
request_token_url = '%s/oauth/' % url
access_token_url = '%s/' % url

consumer = oauth.Consumer(key='mykey',
                          secret='mysecret')

client = oauth.Client(consumer)


response, content = client.request(request_token_url, 'GET')

print(response, content)

I'm not sure how to go forward from here? I need to use the access token that is returned and use it to query the API. A sample code would really really help! Thanks.

EDIT: This is the code I'm using currently:

from requests_oauthlib import OAuth2Session
from pprint import pprint

client_id = 'x'
client_secret = 'x'
redirect_uri = 'https://stackexchange.com/oauth/login_success'
scope = 'no_expiry'

oauth = OAuth2Session(client_id, redirect_uri=redirect_uri, scope=scope)

pprint(vars(oauth))

authorization_url, state = oauth.authorization_url('https://stackexchange.com/oauth/dialog')

print(authorization_url)

Instead of having to click on the authorization_url and get the token, is there a way I can directly fetch the token within the script itself?

90abyss
  • 7,037
  • 19
  • 63
  • 94

1 Answers1

11

Of the two methods you used, the first is the recommended method for desktop applications. It is probably correct.

OAuth is intended to force the user to go to a specific webpage and acknowledge that they are giving permission (usually through clicking a button) for an application to access their data. The HTTP responses you print are merely the webpage where a user needs to click accept.

To get a feeling for the flow, put the first address (https://stackexchange.com/oauth/dialog?client_id=6667&scope=&redirect_uri=https://stackexchange.com/oauth/login_success/) in the address bar and click accept on the loaded page. The access_token will be in the URL right after that.

If you are making the application only for yourself, the access_token can be copied into your Python script. The token expires in one day; if that is too short add no_expiry to scope to make it last forever. DO NOT share the token with anyone else, since it gives them access to details of your account! Each user of the script must generate their own token.

Test the access_token by inserting in your app's key and the access_token you just obtained into the url: https://api.stackexchange.com/2.2/me?key=key&site=stackoverflow&order=desc&sort=reputation&access_token=&filter=default

If you need a more automated, integrated, user-friendly solution, I would look at selenium webdriver to open a browser window and get the resulting credentials.

Spatz
  • 18,640
  • 7
  • 62
  • 66
Marc J
  • 1,303
  • 11
  • 11
  • Thank you so much for this! Can you please check my edit in the OP? How can I automate the process of fetching the token? – 90abyss Apr 01 '16 at 17:34
  • As I mentioned, I would look at selenium webdriver to automate it. I refer you to a SO question on [PhantomJS through selenium](http://stackoverflow.com/questions/13287490/is-there-a-way-to-use-phantomjs-in-python) which describes a similar situation. If you need further information, I believe it should be in a new question. Be sure to mention your requirements: does it have to be fully headless or is GUI allowed? Can additional software be installed, or does it need to be pure Python? – Marc J Apr 01 '16 at 22:22