YQL, Flickr, OAuth, YAP

YQL, Flickr, OAuth, YAP Erik Eldridge Yahoo! Developer Network 3/31/09 Photo credit: Marco Bellucci((http://ow.ly/1M0c)

Follow along (or skip ahead)

http://slideshare.net/erikeldridge

YQL

YQL is select * from internet

Allows you to quickly & simply mashup data from Yahoo! and elsewhere

Programmatic SQL-like language

Successor to Yahoo! Pipes

YQL on YDN

YQL console

BOSS-like search

Public data

YQL proxy & frontend

YQL trogdor

HTML to extract

HTML extraction in console

HTML extraction code

RSS extraction

RSS raw

RSS extraction in console

RSS extraction code

RSS extracted

YQL Open Tables

Open table examples

Twitter status Open Table

Twitter status table raw

Twitter status Open Table in action

Resources

YQL: http://developer.yahoo.com/yql

Open Table examples: http://github.com/spullara/yql-tables/tree/master

PHP: http://php.net

Flickr

Flickr homepage

Flickr API page

Use YQL for public pics

Desc flickr.photos.search

Resolve Flickr username

Request user’s photos in YQL

Use proxy to get data

Catch the data in the client

Output

Flickr API endpoint

Flickr API explorer

Flickr Auth: fetching frob

Flickr auth: fetching token

Flickr auth: making request

Resources

Flickr APIs: http://www.flickr.com/services/api/

OAuth

Overview

What is OAuth?

In general, how do I use it?

Getting started with Oauth on Yahoo!

OAuth is an open protocol

Allows developers to safely access a user’s private data

Similar to OpenID

Used to secure HTTP requests

Credentials given only to trusted sites

Open alternative to proprietary protocols

Google’s AuthSub

AOL’s OpenAuth

Yahoo’s BBAuth and FlickrAuth

Facebook’s FacebookAuth

How does a developer use it?

Fetch a request token

Redirect user to authorize with request token

Fetch and store an access token

Make signed API requests

For the visually-inclined Your App (the consumer) API (Oauth provider) Your App API Access token Your App API Signed request The user API Authorization Your App API Request token Fetch request token

Yahoo! Oauth diagram

http://ow.ly/1KuX

How to get a Yahoo! Oauth API key and secret

The YDN registration form

be sure to:

Select “Web-based” from the drop-down if you want to make a web app

Request access to “private user data” if you need social data in your app

Successful registration

Shows the key and secret used for signing a request

Domain verification

For web-based apps, you will need to verify that you own the domain that will be hosting your app

The easiest way to get started is with the Yahoo! PHP SDK

<?php

require('yosdk/lib/Yahoo.inc');

$key = 'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';

$secret = 'ccb100d2ddd70c90e999055311b714db17a35029';

$app_id = 'tAPZTc48';

$session = YahooSession::requireSession($key, $secret, $app_id);

$user = $session->getSessionedUser();

$title = ' installed this OAuth app';

$link = 'http://example.erikeldridge.com/oauth/';

$suid = 'update'.time();

$user->insertUpdate($suid, $title, $link);

An example update on the Yahoo! profile page

App Updates

Updates are distributed across Yahoo! and beyond

Properties, e.g., Mail, Profiles, Buzz, etc.

Clients, e.g., Messenger, Toolbar

Externally through Updates API

The next easiest way is to use one of the freely available libraries

Fetching request token without the Yahoo! PHP SDK

<?php

require('yosdk/lib/OAuth.php');

$consumer = new OAuthConsumer($key, $secret);//key/secret from Y!

$url = 'https://api.login.yahoo.com/oauth/v2/get_request_token';

$request = OAuthRequest::from_consumer_and_token($consumer, NULL, 'POST', $url, array());

$request->sign_request(new OAuthSignatureMethod_PLAINTEXT(), $consumer, NULL);

$ch = curl_init($url);

$options = array(

CURLOPT_POSTFIELDS => $request->to_postdata(),

CURLOPT_RETURNTRANSFER => true

);

curl_setopt_array($ch, $options);

parse_str(curl_exec($ch), $resp);

curl_close($ch);

$requestToken = new stdclass();

$requestToken->key = $resp["oauth_token"];

$requestToken->secret = $resp["oauth_token_secret"];

file_put_contents('token.txt', json_encode($requestToken));

$url = sprintf("https://%s/oauth/v2/request_auth?oauth_token=%s",

'api.login.yahoo.com',

urlencode($requestToken->key)

);

echo “go here & authorize: $url”;

Fetching the access token without the Yahoo! PHP SDK, part 1

$app_id = 'tAPZTc48';

require('yosdk/OAuth.php');

$consumer = new OAuthConsumer(KEY, SECRET);

$requestToken = json_decode(file_get_contents('token.txt'));

$url = 'https://api.login.yahoo.com/oauth/v2/get_token';

$request = OAuthRequest::from_consumer_and_token($consumer, $requestToken, 'POST', $url, array());

$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, $requestToken);

$headers = array(

"Accept: application/json"

);

$options = array(

CURLOPT_POST=> true,

CURLOPT_POSTFIELDS => $request->to_postdata(),

CURLOPT_RETURNTRANSFER => true

);

parse_str(curl_exec($ch), $response);

curl_close($ch);

Fetching the access token without the Yahoo! PHP SDK, part 2

$now = time();

$accessToken = new stdclass();

$accessToken->key = $response["oauth_token"];

$accessToken->secret = $response["oauth_token_secret"];

$accessToken->guid = $response["xoauth_yahoo_guid"];

$accessToken->consumer = $consumer;

$accessToken->sessionHandle = $response["oauth_session_handle"];

if(array_key_exists("oauth_expires_in", $response)) {

$accessToken->tokenExpires = $now + $response["oauth_expires_in"];

}else {

$accessToken->tokenExpires = -1;

}

if(array_key_exists("oauth_authorization_expires_in", $response)) {

$accessToken->handleExpires = $now + $response["oauth_authorization_expires_in"];

}else {

$accessToken->handleExpires = -1;

}

file_put_contents('token.txt', json_encode($accessToken));

Making a signed request to Updates API without the Yahoo! PHP SDK, part 1

$guid = $response["xoauth_yahoo_guid"];

$title = 'Confirmation update';//arbitrary title

$description = 'The time is now '.date("g:i a");//arbitrary desc

$link = sprintf('http://%s/oauth/', ‘example.erikeldridge.com/oauth’);//arbitrary link

$source = ’APP.'.$app_id;//note: 'APP.' syntax

$date = time();

$suid = ’update'.time();//arbitrary, unique string

$body = array(

"updates" => array(

array(

"collectionID" => $guid,

"collectionType" => "guid",

"class" => "app",

"source" => $source,

"type" => 'appActivity',

"suid" => $suid,

"title" => $title,

"description" => $description,

"link" => $link,

"pubDate" => (string)$date

)

)

);

Making a signed request to Updates API without the Yahoo! PHP SDK, part 2

$url = sprintf("http://%s/v1/user/%s/updates/%s/%s",

'social.yahooapis.com',

$guid,

$source,

urlencode($suid)

);

$request = OAuthRequest::from_consumer_and_token(

$consumer,

$accessToken,

'PUT',

$url,

array());

$request->sign_request(

new OAuthSignatureMethod_HMAC_SHA1(),

$consumer,

$accessToken

);

Making a signed request to the Updates API without the Yahoo! PHP SDK, part 3

$headers = array("Accept: application/json");

$headers[] = $request->to_header();

$headers[] = "Content-type: application/json";

$content = json_encode($body);

$options = array(

CURLOPT_HTTPHEADER => $headers,

CURLOPT_POSTFIELDS => $content,

CURLOPT_RETURNTRANSFER => true,

CURLOPT_CUSTOMREQUEST => 'PUT',

CURLOPT_TIMEOUT => 3

);

$resp = curl_exec($ch);

curl_close($ch);

Resources

Hueniverse’s introduction: http://www.hueniverse.com/hueniverse/2007/10/beginners-guide.html

Yahoo!’s Oauth documentation: http://developer.yahoo.com/oauth

Yahoo! PHP and ActionScript SDKs: http://developer.yahoo.com/social/sdk/

Google’s OAuth playground: http://googlecodesamples.com/oauth_playground/

Yahoo! Application Platform

Why is Yahoo! opening up?

A history of supporting open technology

Apache, MySQL, PHP, JavaScript, BSD/Linux, to name a few

A history of hacking

Yahoo! wants to share its audience

What is the Yahoo! Application Platform?

It’s a way to run apps on Yahoo!

3 views of YAP: My Y! screenshot

3 views of YAP: canvas screenshot

3 views of YAP: y! metro

Yahoo! Application Platform (YAP)

Optimized for speed and security (YML, Caja)

Uses raw Javascript, CSS, and HTML, and Yahoo! Markup Language (YML)

Supports OpenSocial JavaScript API

How do I use it?

YDN key/secret

+

Your server

+

Your code

=

Your app on Yahoo!

Example: OpenSocial Activities

<script>

var params = {};

params[opensocial.Activity.Field.TITLE] = 'title';

params[opensocial.Activity.Field.BODY] = 'body';

var activity = opensocial.newActivity(params);

opensocial.requestCreateActivity(

activity,

opensocial.CreateActivityPriority.LOW,

function(){});

</script>

Example: Screenshot of results

What does YAP do for me?

Hundreds of millions of Yahoo! users

Instant publication

Secure, Standard JavaScript, HTML, CSS

OpenSocial JS API

Resources

developer.yahoo.com

/dashboard

/yap

/yap/yml

/social

/forums

Caja project

iframe security

! תודה Thank you!

Find me on slideshare, twitter and github @erikeldridge

YQL, Flickr, OAuth, YAP

0 comments

Notes on slide 1

4 Favorites