|
Everything's here[^].
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|
|
Thanks!
Within you lies the power for good - Use it!
|
|
|
|
|
I've been frustrated with the forum mechanisms here at CP for years. Today I took another look around for an API to see if I could code a solution around the issues, and I found the new API. The methods available for forum access are primitive but it's a start. My first goal will be to write a C# app that helps users to keep track of any updates to discussions on articles of interest. That may get extended later to help with watching specific threads. I'll see if I can write something up to publish as a Sample.
Sincere thanks to everyone who works on this.
|
|
|
|
|
Wow! I am first to post a message here!
So, my question is, is there any "persistent" access token which I could use to query both My and Other APIs and which doesn't expire at all (so that I could hard-code it)? I am thinking to write a small WPF application (purely for personal use) and not able to figure out how to query the "My" API. I am able to get the access token as given in the sample Console application, but not able to query the "My" API using it.
While the documentation does say -
The My API gets information about the logged in User. As such, the My API requires the user to grant the client application access to their information using the Authorization Code Grant or Implicit Grant flow from the OAuth2 specification to get the Access Token. , and I tried referring this [^] article on Authorization Code Grant and Implicit Grant, I am not able to figure out how to implement it and where and how exactly should I use the Redirection URL and Grant Permission stereotype in a WPF application.
Any help would be greatly appreciated.
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|
|
Yeah - we can do that. It might take a little time but we'll let you know when it's in place.
cheers
Chris Maunder
|
|
|
|
|
Thanks! Please see my reply to Mr. Dennis below.
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|
|
|
OK, just gave a quick try to this using Postman and used a POST to https://api.codeproject.com/Token with my CP username, password and password as grant_type in x-www-form-urlencoded as you (and in the OAuth documentation) suggested, but it's returning a 400 Bad Request - "invalid_client" response. However, same POST to https://api.codeproject.com/ seemed to be working as it returned some "valid" HTML.
I will give it a try again. However, I would like to share an observation -
If I login into the API manually through a browser and capture the access token by running a sample under the My API, not only I can use it for both the APIs, it seems to be lasting quite some long time. As far as I can see, I can still make requests to the API using the access token I captured yesterday (almost 12-14 hours).
Can you please enlighten this behavior? I mean the lifetime of such access tokens? Even if they are lasting for a couple of days, I can make the access token configurable in my application (as it will be only for personal use) and replace it manually bypassing these OAuth steps through the application.
Please let me know, thanks again for the API.
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|
|
I needed to turn on the Resource Owner flow. I've done that and added a sample that should get you going.
The Access Token has a limited lifetime, currently 14 days. This will change once I implement Refresh tokens and a way to quickly invalidate Access Tokens. Because of this, check for 401 responses, and get a new Access Token if you get one.
There are some security issues with creating a permanent Access Token. That being said, if we can invalidate it on the server, there is a valid Use Case for them. We will toss this into the hat.
|
|
|
|
|
Thank you.
Whether I think I can, or think I can't, I am always bloody right!
|
|
|
|