Redirecting to authorization url in OAuth

Question

I'm trying to consume the Assistly Desk.com API. What I do not understand with OAuth, is that we're just going to be querying the Desk.com API for data in my wrapper I'm creating. There's no UI that we're going to be using to force the user to "log in" when you do that redirect after getting the request token & secret (temporary credentials) ...where you redirect to the authorization url. All docs I see about OAuth talk about the user signing in at that point and authorizing whatever app.

Well what if you're just wrapping the API? What do you do then at that authorization step? Again I'm not going to have a user manually authorize...so what do you do?

Answer 1

For daily operations, you:

I'm trying to consume the Assistly Desk.com API.

You do signed OAuth requests for consuming an OAuth API. Such a request uses your access token to access a protected resource.

response_json=oauth_request(access_token,'api.desk.com/user_jane/protected_resource.json')

---

An access token is an affirmation of the fact that the user authorizes your application on Desk.com to act on his behalf. Once you possess it, you can do any actions on his behalf, anytime; as long as the access token lasts (even forever).

You need to gain it in the first place in a one-off action. Hence you need the user's consent. Once.

---

Some Applications provide identity services as well as an OAuth API. For example, Stack Overflow logs you in using the identity provided by Google, Facebook or other services. That is another distinct technology called OpenID. Hope you dont get confused over the two, like when you mentioned:

..going to be using to force the user to "log in" [I infer an "everytime" here]...