I would like to test the Flickr API using Matlab. There is no Flickr API library available for Matlab, so I have to do everything myself.
I am having trouble pretty much from the beginning: I cannot cope with authentication. The process description is here: http://www.flickr.com/services/api/auth.oauth.html. However, I do not understand a couple of things in Signing Requests:
First, "the key is the concatenated values of the Consumer Secret and Token Secret, separated by an '&'."
What are the Consumer Secret and the Token Secret? I only have the API key and API secret, issued for my test application by Flickr.
Second, the result of signing a string (which should be the output of the HMAC SHA1 function, i.e. a number, right?) in the example is w18YS2bONDPL%2FzgyzP5XTr5af4%3D. What is it? It is neither a hex number nor a base64 string.
You might find it easier to build an interface from MATLAB to one of the available Flickr API kits. MATLAB makes it particularly easy to call C, Java and perl, so those might be a good choice.
I've solved this task. I put the answer in the form of a short tutorial on the MATLAB File Exchange: http://www.mathworks.com/matlabcentral/fileexchange/34162. I will also keep a list of additional hints on my blog: http://texnical.wordpress.com/2011/12/12/flickr-api-with-user-authentication-in-matlab/.
I'd like to acknowledge the help of Sam Judson from the Flickr API discussion list.
My aim is to select some text from a web page, start a Google Chrome extension and give the text to a Google Cloud API (the Natural Language API in my case).
I want to do some sentimental analysis and then get back the result to mark/highlight positive sentences in green and negative ones in red.
I am new to this and do not know how to start.
The extension consists of manifest, popup etc. How should I call an API from there that does Natural Language Processing?
Should I create a Google Cloud Application with an API_KEY to call? In that case I would have to upload my credentials, right?
Sorry, this sounds a bit confusing, I know, but I just don't know how I can bring these 2 things together and would be more than happy about any help.
The best way to authenticate your app will depend on the specific needs and use cases of your application. You can see an overview of all the different methods here.
If you are not planning on identifying users nor on using a back end server that handles authenticating (as I assume to be your case), the best option would indeed be to use API keys. They do not identify the user, but are enough for the Natural Language APIs.
To do this you will need to create an API key for the services you want and add the necessary restrictions to make the key as secure as possible. Detailed instructions on how to do this and how to use the key in a url can be found here.
The API call could be made from within the Chrome extension with any JavaScript method capable of performing POST requests, for example XMLHttpRequest or the Fetch API. You can find an example of the parameters that need to be included in the request here.
You may run into CORS issues when making the request directly from the extension. I recommend reading this answer, where a couple of workarounds for these issues are suggested.
I'm trying to make a bot for Tumblr or Twitter, but both require OAuth requests. I'm not sure how to use a Net.WebRequest this way. I've searched all over and found very scarce information. I believe I am supposed to add some credentials in the header. This is what I have tried:
<pre>
Dim request As WebRequest = WebRequest.Create(URL)
request.Headers.Add(HttpRequestHeader.Authorization,
$"OAuth realm=""https://api.tumblr.com/"",
oauth_consumer_key=""{APIKEY}"",
oauth_token=""{TOKEN}"",
oauth_signature_method=""HMAC-SHA1"",
oauth_signature=""?"",
oauth_timestamp=""{(Now - New DateTime(1970, 1, 1)).TotalSeconds}"",
oauth_nonce=""{Now.GetHashCode()}"",
oauth_version=""1.0""")
</pre>
Assuming APIKEY and TOKEN are valid, I am still getting Error 401: Unauthorized. Also, what do I put in "oauth_signature"? That did not make any sense to me. This website contained the most useful information: https://oauth.net/core/1.0a/
Has anyone else here dealt with OAuth requests before, that can help me? If there were any examples out there, that would be wonderful. Thank you so much in advance.
~Nic
What jumps out at me immediately is that your parameters are not sorted alphabetically (which OAUTH requires).
Writing an OAUTH library from scratch is terrible terrible business and you should use an existing library unless you have a really good reason not to.
I am the author of TwitterVB, a .NET library for accessing the Twitter API. The code is hosted on GitHub and has a very permissive license. You'll find code and classes there that will make your implementation of OAUTH much easier.
Please note that I no longer maintain this library and there are a few things that have changed about the API that interfere with its functionality. The OAUTH pieces should all work as-is, however.
Where can I find a good detailed tutorial using sskeychain to store and retrieve usernames and passwords and to do basic authentication in a UIWebView? Secondarily, am I on the right track as far as the methods needed to store and use authentication for a web based application? (See explanation below.)
I found a couple tutorials using different methods:
Interacting with keychain directly
Handmade keychain wrapper (sic)
SFHFKeychainUtils
According to recommendations from other SO questions below, sskeychain is recommended for an easier use of the keychain to store authentication parameters.
Cocoa interface to MacOS X Keychain
https://stackoverflow.com/questions/8381072/save-username-and-password-for-url-like-gmail-com-iphone
My plan is to store a username and password locally on the device in the keychain as recommended and connect over a UIWebView using basic auth to my PHP code. Is there a good step by step tutorial for xcode/Obj-C newbies on the topic of user authentication that would be recommended by experienced iOS developers?
The Apple documentation seems less than helpful. It's either pages with simple sales jargon or just head imploding descriptions of methods and parameters without many helpful examples.
Update:
I ended up just using NSUserDefaults to store the username and password locally and the AFNetworking library to do the authentication. If these are unwise I'd welcome an answer that supplies guidance on a better method.
Using AFNetworking to do the authentication and calls to the server is great! But I would highly discourage you from storing credentials (username and password) in NSUserDefaults, since the contents are stored in a plist as plain text and can be read just by plugging your device into a Mac. I recommend that you check these other questions and a great post on a well-known case for further details on the topic.
You were right going for Keychain and using SSKeychain is easy and fast. You can find this good example on how to use SSKeychain to locally store the credentials.
<pre>
// Store credentials in Keychain
[SSKeychain setPassword:@"thePassword"
             forService:@"com.yourCompany.yourApp"
                account:@"theUserName"];
// Retrieve credentials from Keychain
NSString *password = [SSKeychain passwordForService:@"com.yourCompany.yourApp"
                                            account:@"theUserName"];
</pre>
If you want to do basic auth, you might be better off using a networking service like AFNetworking. They allow you to create a webclient, pass in a username/password combination and they take care of the rest.
This link shows you the exact method call you need to invoke:
http://engineering.gowalla.com/AFNetworking/Classes/AFHTTPClient.html#//api/name/setAuthorizationHeaderWithUsername:password:
There is also a large community and a bunch of examples of developers using AFNetworking in all types of iOS projects.
I would recommend that you use Lockbox. It's lightweight, works with ARC and is easy to use.
I'm trying to connect a user with its Twitter account in an iPad app. Now I'm trying to understand how the oAuth protocol works at Twitter. All fine till now. But I see there is a need for signing each request. In the examples of Twitter there is stated (http://dev.twitter.com/pages/auth):
A base url:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0
A signing key:
MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&
Which gives an outcome for a HMAC-SHA1 hash of:
8wUi7m5HFQy76nowoCThusfgB+Q=
But this is not correct for an HMAC-SHA1 hash. Or am I overlooking something?
I think you will find that the official Twitter docs are unclear at best and many times just plain wrong. The best way to learn how to use OAuth is to download one of the oAuth libraries written in a language you understand, and take that apart. At least you can be assured that the library code works. If you want to build your own code for this, then use the library as a starting point.
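The signing step that the Flickr, Tumblr and Twitter questions above all ask about, as an added Python example (not code from any of the posts or from the providers): it rebuilds the signature base string and signing key quoted in the Twitter question and returns the HMAC-SHA1 digest as hex, as base64 and as the percent-encoded form that goes into `oauth_signature`. Function names are hypothetical, and the callback URL is the decoded form of the one inside the quoted base string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="")


def signature_base_string(method, url, params):
    # Encode every name and value, sort the pairs, join them, then encode the
    # whole parameter string a second time as the third '&'-separated field.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def signing_key(consumer_secret, token_secret=""):
    # The token secret is empty until the provider has issued a token, which
    # is why the request-token step signs with a key ending in a bare '&'.
    return f"{pct(consumer_secret)}&{pct(token_secret)}"


def sign(base_string, key):
    """Return the 20-byte HMAC-SHA1 digest in the three notations that get confused."""
    raw = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    b64 = base64.b64encode(raw).decode()
    return {"hex": raw.hex(), "base64": b64, "wire": pct(b64)}


# Values quoted in the Twitter question above (callback shown decoded).
PARAMS = {
    "oauth_callback": "http://localhost:3005/the_dance/process_callback?service_provider_id=11",
    "oauth_consumer_key": "GDdmIQH6jhtmLUypg82g",
    "oauth_nonce": "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1272323042",
    "oauth_version": "1.0",
}
URL = "https://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98"

if __name__ == "__main__":
    base = signature_base_string("POST", URL, PARAMS)
    for name, value in sign(base, signing_key(CONSUMER_SECRET)).items():
        print(f"{name:7} {value}")
```

The `wire` value is the one to place in the Authorization header; the `base64` and `hex` values are the same 20 bytes in other notations.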
I've been looking around at various APIs, and since twitter seems to be a common discussion point, I'll use it as an example.
A lot of APIs are implementing oAuth, which is great for allowing the service to authenticate and authorize the application connecting to it. However, from what I have seen there doesn't seem to be a way for the application to verify that Twitter is actually Twitter (and not a man-in-the-middle based attack)? I would expect to see some kind of signature (using a shared / public key) of the response body which I can use to validate that Twitter signed it.
Is it just because currently there isn't really a point to a man-in-the-middle attack with Twitter tweets since currently, what's the worst that can happen (and why would someone want to give me invalid tweets)?
On this point, if you were to sign the response, what method would you use? I'm currently considering a HMAC-SHA1 signature of the response body using a shared key.
This is what the 'trust' part of SSL does.
-- Edit
I note this has been downvoted, but it's important that other readers realise it's due to a personal disagreement, not due to incorrectness.
In the .NET world we use WCF, which has many different security models, including signing (and if desired encrypting) each message/response. This adds up to a non-trivial amount of overhead, but can give you more 'trust' in the security model. You can switch to using binary-serialized data to cut down on the bloat and message size if you desire.
I'm not sure what other Web Service APIs offer in that area, though I'm sure someone else can add further details as needed.