How do I develop against OAuth locally?

Question

I'm building a Python application that needs to communicate with an OAuth service provider. The SP requires me to specify a callback URL. Specifying localhost obviously won't work. I'm unable to set up a public facing server. Any ideas besides paying for server/hosting? Is this even possible?

Answer 1

So how I solved this issue (using BitBucket's OAuth interface) was by specifying the callback URL to localhost (or whatever the hell you want really), and then following the authorisation URL with curl, but with the twist of only returning the HTTP header. Example:

curl --user BitbucketUsername:BitbucketPassword -sL -w "%{http_code} %{url_effective}\\n" "AUTH_URL" -o /dev/null

Inserting for your credentials and the authorisation url (remember to escape the exclamation mark!).

What you should get is something like this:

200 http://localhost?dump&oauth_verifier=OATH_VERIFIER&oauth_token=OATH_TOKEN

And you can scrape the oath_verifier from this.

Doing the same in python:

import pycurl
devnull = open('/dev/null', 'w')
c = pycurl.Curl()

c.setopt(pycurl.WRITEFUNCTION, devnull.write)
c.setopt(c.USERPWD, "BBUSERNAME:BBPASSWORD")
c.setopt(pycurl.URL, authorize_url)
c.setopt(pycurl.FOLLOWLOCATION, 1) 
c.perform()

print c.getinfo(pycurl.HTTP_CODE), c.getinfo(pycurl.EFFECTIVE_URL)

I hope this is useful for someone!

Answer 2

In case you are using *nix style system, create a alias like 127.0.0.1 mywebsite.dev in /etc/hosts (you need have the line which is similar to above mentioned in the file, Use http://website.dev/callbackurl/for/app in call back URL and during local testing.

Answer 3

This was with the Facebook OAuth - I actually was able to specify 'http://127.0.0.1:8080' as the Site URL and the callback URL. It took several minutes for the changes to the Facebook app to propagate, but then it worked.

Answer 4

You could create 2 applications? 1 for deployment and the other for testing.

Alternatively, you can also include an oauth_callback parameter when you requesting for a request token. Some providers will redirect to the url specified by oauth_callback (eg. Twitter, Google) but some will ignore this callback url and redirect to the one specified during configuration (eg. Yahoo)

Answer 5

localtunnel [port] and voila

http://blogrium.wordpress.com/2010/05/11/making-a-local-web-server-public-with-localtunnel/

http://github.com/progrium/localtunnel

Answer 6

Two things:

1. The OAuth Service Provider in question is violating the OAuth spec if it's giving you an error if you don't specify a callback URL. callback_url is spec'd to be an OPTIONAL parameter.

2. But, pedantry aside, you probably want to get a callback when the user's done just so you know you can redeem the Request Token for an Access Token. Yahoo's FireEagle developer docs have lots of great information on how to do this.

Even in the second case, the callback URL doesn't actually have to be visible from the Internet at all. The OAuth Service Provider will redirect the browser that the user uses to provide his username/password to the callback URL.

The two common ways to do this are:

1. Create a dumb web service from within your application that listens on some port (say, http://localhost:1234/) for the completion callback, or
2. Register a protocol handler (you'll have to check with the documentation for your OS specifically on how to do such a thing, but it enables things like <a href="skype:555-1212"> to work).

(An example of the flow that I believe you're describing lives here.)

Answer 7

This may help you:

http://www.marcworrell.com/article-2990-en.html

It's php so should be pretty straightforward to set up on your dev server.

I've tried this one once:

http://term.ie/oauth/example/

It's pretty simple. You have a link to download the code at the bottom.