YQL, Flickr, OAuth, YAP
-
Upload
erik-eldridge -
Category
Technology
-
view
12.239 -
download
0
description
Transcript of YQL, Flickr, OAuth, YAP
YQL, Flickr, OAuth, YAP
Erik Eldridge
Yahoo! Developer Network
3/31/09Photo credit: Marco Bellucci((http://ow.ly/1M0c)
Follow along (or skip ahead)
• http://slideshare.net/erikeldridge
YQL
YQL is select * from internet
• Allows you to quickly & simply mashup data from Yahoo! and elsewhere
• Programmatic SQL-like language
• Successor to Yahoo! Pipes
YQL on YDN
YQL console
BOSS-like search
Public data
YQL proxy & frontend
YQL trogdor
HTML to extract
HTML extraction in console
HTML extraction code
RSS extraction
RSS raw
RSS extraction in console
RSS extraction code
RSS extracted
YQL Open Tables
Open table examples
Twitter status Open Table
Twitter status table raw
Twitter status Open Table in action
Resources
• YQL:http://developer.yahoo.com/yql
• Open Table examples: http://github.com/spullara/yql-tables/tree/master
• PHP:http://php.net
Flickr
Flickr homepage
Flickr API page
Use YQL for public pics
Desc flickr.photos.search
Resolve Flickr username
Request user’s photos in YQL
Use proxy to get data
Catch the data in the client
Output
Flickr API endpoint
Flickr API explorer
Flickr Auth: fetching frob
Flickr auth: fetching token
Flickr auth: making request
OAuth
Overview
• What is OAuth?
• In general, how do I use it?
• Getting started with Oauth on Yahoo!
OAuth is an open protocol
• Allows developers to safely access a user’s private data
• Similar to OpenID• Used to secure HTTP requests• Credentials given only to trusted sites• Open alternative to proprietary protocols
– Google’s AuthSub– AOL’s OpenAuth– Yahoo’s BBAuth and FlickrAuth– Facebook’s FacebookAuth
How does a developer use it?
1. Fetch a request token
2. Redirect user to authorize with request token
3. Fetch and store an access token
4. Make signed API requests
For the visually-inclinedYour App (the consumer) API (Oauth provider)
Your App APIAccess token
Your App APISigned request
The user APIAuthorization
Your App APIRequest token
Fetch request token
Yahoo! Oauth diagram
http://ow.ly/1KuX
How to get a Yahoo! Oauth API key and secret
The YDN registration form
• be sure to:– Select “Web-based” from the drop-down if
you want to make a web app– Request access to “private user data” if
you need social data in your app
Successful registration
• Shows the key and secret used for signing a request
Domain verification
• For web-based apps, you will need to verify that you own the domain that will be hosting your app
The easiest way to get started is with the Yahoo! PHP SDK
<?phprequire('yosdk/lib/Yahoo.inc');
$key = 'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';
$secret = 'ccb100d2ddd70c90e999055311b714db17a35029';$app_id = 'tAPZTc48';
$session = YahooSession::requireSession($key, $secret, $app_id);$user = $session->getSessionedUser();
$title = ' installed this OAuth app';$link = 'http://example.erikeldridge.com/oauth/';$suid = 'update'.time();
$user->insertUpdate($suid, $title, $link);
An example update on the Yahoo! profile page
App Updates
Updates are distributed across Yahoo! and beyond• Properties, e.g., Mail, Profiles, Buzz, etc.• Clients, e.g., Messenger, Toolbar• Externally through Updates API
The next easiest way is to use one of the freely available
libraries
Fetching request token without the Yahoo! PHP SDK
<?php$key =
'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';$secret = 'ccb100d2ddd70c90e999055311b714db17a35029'; require('yosdk/lib/OAuth.php'); $consumer = new OAuthConsumer($key, $secret);//key/secret from Y!$url = 'https://api.login.yahoo.com/oauth/v2/get_request_token';$request = OAuthRequest::from_consumer_and_token($consumer, NULL, 'POST', $url, array());$request->sign_request(new OAuthSignatureMethod_PLAINTEXT(), $consumer, NULL); $ch = curl_init($url);$options = array(
CURLOPT_POSTFIELDS => $request->to_postdata(),CURLOPT_RETURNTRANSFER => true
);curl_setopt_array($ch, $options);parse_str(curl_exec($ch), $resp);curl_close($ch); $requestToken = new stdclass();$requestToken->key = $resp["oauth_token"];$requestToken->secret = $resp["oauth_token_secret"]; file_put_contents('token.txt', json_encode($requestToken));$url = sprintf("https://%s/oauth/v2/request_auth?oauth_token=%s",
'api.login.yahoo.com', urlencode($requestToken->key)
);echo “go here & authorize: $url”;
Fetching the access token without the Yahoo! PHP SDK,
part 1
$key = 'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';
$secret = 'ccb100d2ddd70c90e999055311b714db17a35029';$app_id = 'tAPZTc48';require('yosdk/OAuth.php');$consumer = new OAuthConsumer(KEY, SECRET);$requestToken = json_decode(file_get_contents('token.txt')); $url = 'https://api.login.yahoo.com/oauth/v2/get_token';$request = OAuthRequest::from_consumer_and_token($consumer, $requestToken, 'POST', $url, array());$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, $requestToken);$headers = array(
"Accept: application/json");$ch = curl_init($url);$options = array( CURLOPT_POST=> true,
CURLOPT_POSTFIELDS => $request->to_postdata(),CURLOPT_RETURNTRANSFER => true
);curl_setopt_array($ch, $options);parse_str(curl_exec($ch), $response); curl_close($ch);
Fetching the access token without the Yahoo! PHP SDK,
part 2
$now = time();$accessToken = new stdclass();$accessToken->key = $response["oauth_token"];$accessToken->secret = $response["oauth_token_secret"];$accessToken->guid = $response["xoauth_yahoo_guid"];$accessToken->consumer = $consumer;$accessToken->sessionHandle = $response["oauth_session_handle"];if(array_key_exists("oauth_expires_in", $response)) { $accessToken->tokenExpires = $now + $response["oauth_expires_in"];}else { $accessToken->tokenExpires = -1;}if(array_key_exists("oauth_authorization_expires_in", $response)) { $accessToken->handleExpires = $now + $response["oauth_authorization_expires_in"];}else { $accessToken->handleExpires = -1;}file_put_contents('token.txt', json_encode($accessToken));
Making a signed request to Updates API without the Yahoo! PHP SDK, part 1
$guid = $response["xoauth_yahoo_guid"];$title = 'Confirmation update';//arbitrary title$description = 'The time is now '.date("g:i a");//arbitrary desc$link = sprintf('http://%s/oauth/', ‘example.erikeldridge.com/oauth’);//arbitrary link$source = ’APP.'.$app_id;//note: 'APP.' syntax$date = time();$suid = ’update'.time();//arbitrary, unique string$body = array(
"updates" => array(array(
"collectionID" => $guid,"collectionType" => "guid","class" => "app","source" => $source,"type" => 'appActivity',"suid" => $suid,"title" => $title,"description" => $description,"link" => $link,"pubDate" => (string)$date
))
);
Making a signed request to Updates API without the Yahoo! PHP SDK, part 2
$url = sprintf("http://%s/v1/user/%s/updates/%s/%s",'social.yahooapis.com', $guid, $source, urlencode($suid)
);$request = OAuthRequest::from_consumer_and_token(
$consumer, $accessToken, 'PUT', $url, array());
$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer, $accessToken
);
Making a signed request to the Updates API without the
Yahoo! PHP SDK, part 3
$headers = array("Accept: application/json");$headers[] = $request->to_header();$headers[] = "Content-type: application/json";$content = json_encode($body); $ch = curl_init($url);$options = array(
CURLOPT_HTTPHEADER => $headers,CURLOPT_POSTFIELDS => $content,CURLOPT_RETURNTRANSFER => true,CURLOPT_CUSTOMREQUEST => 'PUT',CURLOPT_TIMEOUT => 3
);curl_setopt_array($ch, $options);$resp = curl_exec($ch);curl_close($ch);
Resources
• Hueniverse’s introduction:http://www.hueniverse.com/hueniverse/2007/10/beginners-guide.html
• Yahoo!’s Oauth documentation:http://developer.yahoo.com/oauth
• Yahoo! PHP and ActionScript SDKs:http://developer.yahoo.com/social/sdk/
• Google’s OAuth playground:http://googlecodesamples.com/oauth_playground/
Yahoo! Application Platform
Why is Yahoo! opening up?
• A history of supporting open technology– Apache, MySQL, PHP, JavaScript,
BSD/Linux, to name a few
• A history of hacking
• Yahoo! wants to share its audience
What is the Yahoo! Application Platform?
• It’s a way to run apps on Yahoo!
3 views of YAP: My Y! screenshot
3 views of YAP: canvas screenshot
3 views of YAP: y! metro
Yahoo! Application Platform (YAP)
• Optimized for speed and security (YML, Caja)• Uses raw Javascript, CSS, and HTML, and
Yahoo! Markup Language (YML)• Supports OpenSocial JavaScript API
How do I use it?
YDN key/secret
+
Your server
+
Your code
=
Your app on Yahoo!
Example: OpenSocial Activities
<script>var params = {};params[opensocial.Activity.Field.TITLE] = 'title';params[opensocial.Activity.Field.BODY] = 'body';
var activity = opensocial.newActivity(params);
opensocial.requestCreateActivity(activity,opensocial.CreateActivityPriority.LOW,function(){});
</script>
Example: Screenshot of results
What does YAP do for me?
• Hundreds of millions of Yahoo! users
• Instant publication
• Secure, Standard JavaScript, HTML, CSS
• OpenSocial JS API
Resources
• developer.yahoo.com– /dashboard– /yap– /yap/yml– /social– /forums
• Caja project• iframe security
תודה!Thank you!
• Find me on slideshare, twitter and github @erikeldridge