benwad

Reputation: 6594

OAuth 1.0a in Django

I'm trying to make authorised calls on the Rdio API in my Django application. I've been looking at the following tutorial so far to get it set up:

http://www.rdio.com/developers/docs/web-service/oauth/ref-oauth1-overview

The code at the bottom of the page works fine for me: I can get the request token, authorise the user using the PIN, and then make a call using the new access token.

However, I'd like to implement the callback so that the user can just log in and return to my site so that I can make authorised requests with their account. I currently have a page with a link to authorise the application, where the function to get the link is like so:

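import cgi
import urllib
import oauth2 as oauth  # assumed: python-oauth2, which provides oauth.Client and oauth.Token
# `consumer` (an oauth.Consumer built from the app key and secret) is defined elsewhere.
def get_auth_url():
    client = oauth.Client(consumer)
    # Ask Rdio for a request token and tell it where to send the user afterwards.
    response, content = client.request('http://api.rdio.com/oauth/request_token', 'POST', urllib.urlencode({'oauth_callback': 'http://localhost:8080/my_page/'}))
    parsed_content = dict(cgi.parse_qsl(content))
    # Built from the token and its secret, but discarded when this function returns.
    request_token = oauth.Token(parsed_content['oauth_token'], parsed_content['oauth_token_secret'])
    sURL = '%s?oauth_token=%s' % (parsed_content['login_url'], parsed_content['oauth_token'])
    return sURL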

This is okay, and when I click this link I go to a page asking to authorise my account for this application. However, I then need to get the access token from the request token that my user has just authorised. The callback from the authorisation page gives me oauth_verifier and oauth_token arguments, but constructing the request token requires oauth_token and oauth_token_secret. I had the secret on the first call but can't get it again in this second call, and the tutorial said that I shouldn't store the secret anywhere accessible or transfer it across requests. And since these are two different requests, I can't think of where to store the persistent request token. How can I get the oauth_token_secret on this second request so that I can get the access token?

Upvotes: 1

Views: 757

Answers (1)

devin_s

Reputation: 3405

You'll need to store the request token on your server temporarily so you can make the access token request. This line:

The request token secret must be included in the signature but not over the wire.

refers to the fact that the secret is used to generate the signature, but isn't included by itself in the request.

To save yourself some time and effort, I recommend using Django Social Auth. It already supports Rdio.

Upvotes: 1
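One way to do what the answer describes, as an added example that is not part of the original posts or of any library named on this page: keep the request token secret in server-side session state keyed by the public oauth_token, redeem it once in the callback, and use it only as part of the signing key. It is Python 3 with the standard library only; the plain dict stands in for Django's request.session, and PREFIX, MAX_AGE, the function names and the sample values are assumptions made for the illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

PREFIX = "oauth_req_"   # hypothetical session-key prefix
MAX_AGE = 600           # assumed lifetime of a pending request token, in seconds

def remember_request_token(session, token, secret, now=None):
    """After the request_token call: keep the secret server-side, keyed by the public token."""
    session[PREFIX + token] = {"secret": secret, "at": time.time() if now is None else now}

def redeem_request_token(session, params, now=None):
    """In the callback view: match oauth_token to its stored secret, exactly once."""
    token = params.get("oauth_token", "")
    verifier = params.get("oauth_verifier", "")
    entry = session.pop(PREFIX + token, None)   # pop, so a replayed callback finds nothing
    if entry is None or not verifier:
        raise ValueError("unknown or already used request token")
    if (time.time() if now is None else now) - entry["at"] > MAX_AGE:
        raise ValueError("request token expired")
    return token, entry["secret"], verifier

def sign(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 per OAuth 1.0a: the token secret is part of the key, never a parameter."""
    key = quote(consumer_secret, safe="") + "&" + quote(token_secret, safe="")
    mac = hmac.new(key.encode(), base_string.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

if __name__ == "__main__":
    session = {}                                             # stands in for request.session
    remember_request_token(session, "reqtok", "reqsecret")   # constructed sample values
    callback = {"oauth_token": "reqtok", "oauth_verifier": "1234"}
    token, secret, verifier = redeem_request_token(session, callback)
    # Placeholder base string; a real one encodes the method, URL and all oauth_* parameters.
    print(sign("POST&<encoded-url>&<encoded-params>", "consumer-secret", secret))
```

Only oauth_token and oauth_verifier travel through the browser; the secret stays in the session store and reaches the provider only as an input to the signature.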