A Brief Summary of OAuth on Some Web Sites

Posted on December 8, 2012

I recently used APIs from several websites. However, I found it difficult to manipulate them. So I wrote this article for reference.

The work was done on Dec. 9, 2012. Please note that these details may change rapidly.

OAuth Versions

Different sites use different OAuth versions, which confused me a lot. Besides, the incompatibility of OAuth 1.0 and 2.0 really sucks.

Among the web sites I used, Twitter, Fitbit and Fanfou use OAuth, while foursquare, Renren, and Weibo use OAuth 2.0. According to an article by Hourse Luke, who was in the OAuth group, access tokens are no longer valid for a long time in OAuth 2.0. However, different sites have different strategies:

  • foursquare: the access token will not expire
  • Weibo: the access token will expire in 7 days, which means re-authentication is required
  • Renren: the access token will expire after some time, but it is possible to renew it with the help of a refresh token, which will not expire

What the f**k.

Solutions

The original purpose was to write an app to synchronize my Fitbit and foursquare records. Both of them can post to Twitter and Facebook, which led me to try synchronizing my tweets from Twitter. I found this article. The author wrote a microblog synchronizer based on Twitter. Unfortunately, this app is no longer useful due to the updates of these web sites. Therefore, I decided to write my own one.

In fact, I simply want to use it by myself. But among these sites, only Twitter provides "Single-user OAuth", which makes it easy to get a private access token and access secret.

I recommend using python-oauth2 for OAuth 1.0. An example is provided in its documentation.

But using OAuth 2.0 is not so easy. Here are some suggestions:

foursquare

Using foursquare-app-framework, we get a framework for building a foursquare app. All we need to do is modify the parameters following its documentation.

Renren

The first problem is to get an access token and a refresh token. I used a php-connect program from its developer web site, which requires a PHP server. Then I used the Python SDK to access the interfaces. For convenience, I renew the access token using the refresh token every time I invoke any API.
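The three expiry strategies listed above (never expires, expires and needs re-authentication, expires but is renewable) can be handled by one small token holder. The sketch below is an added example, not code from this post or from any of the sites' SDKs, and it goes one step further than renewing on every call: it renews only when the token is about to expire. `TokenStore`, `ReauthRequired`, `fake_post` and all token values are hypothetical, and the token endpoint is a constructed stand-in so the code runs offline.

```python
import time
from urllib.parse import urlencode
class ReauthRequired(Exception):
    """Token expired and cannot be renewed; the user must authorize again."""

class TokenStore:
    def __init__(self, access_token, expires_in=None, refresh_token=None,
                 post=None, client=("", ""), clock=time.time, skew=60):
        self.access_token, self.refresh_token = access_token, refresh_token
        self._post, self._client, self._clock, self._skew = post, client, clock, skew
        self._set_expiry(expires_in)

    def _set_expiry(self, expires_in):  # None: never expires (foursquare case)
        self.expires_at = None if expires_in is None else self._clock() + expires_in

    def get(self):
        """Return a usable access token, renewing only when it is about to expire."""
        if self.expires_at is None or self._clock() < self.expires_at - self._skew:
            return self.access_token
        if not (self.refresh_token and self._post):
            raise ReauthRequired("access token expired, no refresh token")  # Weibo case
        # Refresh grant from RFC 6749 section 6, client credentials sent in the body.
        reply = self._post(urlencode({
            "grant_type": "refresh_token", "refresh_token": self.refresh_token,
            "client_id": self._client[0], "client_secret": self._client[1]}))
        self.access_token = reply["access_token"]
        self.refresh_token = reply.get("refresh_token", self.refresh_token)  # may rotate
        self._set_expiry(reply.get("expires_in"))
        return self.access_token

def demo():
    """Run the three strategies against a constructed clock and token endpoint."""
    now, seen = [0], []
    def fake_post(body):  # constructed stand-in for a provider's token endpoint
        seen.append(body)
        return {"access_token": "renewed-%d" % len(seen), "expires_in": 3600}
    clock = lambda: now[0]
    never = TokenStore("fsq-token", clock=clock)
    weekly = TokenStore("wb-token", expires_in=7 * 86400, clock=clock)
    renewable = TokenStore("rr-token", expires_in=3600, refresh_token="rr-refresh",
                           post=fake_post, client=("my-id", "my-secret"), clock=clock)
    out = {"early": [renewable.get() for _ in range(3)], "early_calls": len(seen)}
    now[0] = 8 * 86400  # eight days later
    try:
        out["weekly"] = weekly.get()
    except ReauthRequired:
        out["weekly"] = "reauth required"
    out.update(never=never.get(), late=renewable.get(), requests=seen)
    return out
```

In a real client, `post` would send the body to the provider's token endpoint over HTTPS and return the parsed JSON reply.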

Weibo

I shall not use this.

Summary

The aforementioned Hourse Luke resigned from his job in the OAuth 2.0 group.

He said, if 1.0 works well, then simply ignore 2.0.