5

I tried to pull my location data from openpaths.cc to use it with R. The API uses OAuth and is documented here, however, it only provides an example in Python.

After looking around how to handle OAuth (which I am barely familiar with) in R, I found ROAuth, so I used the usage example provided as a basis.

According to the API-documentation, the endpoint for all requests is https://openpaths.cc/api/1, and I have my access key and access secret, so I naively plugged them in for cKey, cSecret, reqURL, accessURL, authURL, and testURL, but only got "bad request" as a result from the credentials$handshake() line. 

reqURL <- "https://openpaths.cc/api/1"
accessURL <- "https://openpaths.cc/api/1"
authURL <- "https://openpaths.cc/api/1"
cKey <- "key"
cSecret <- "secret"
testURL <- "https://openpaths.cc/api/1"
credentials <- OAuthFactory$new(consumerKey=cKey,
                                consumerSecret=cSecret,
                                requestURL=reqURL,
                                accessURL=accessURL,
                                authURL=authURL,
                                needsVerifier=TRUE)
credentials$handshake()
## the GET isn’t strictly necessary as that’s the default
credentials$OAuthRequest(testURL, "GET")

While I feel like I have no idea what I'm doing, I at least verified that ROAuth is capable of using the HMAC-SHA1 method, wich is required by openpaths.

EDIT: I have ROAuth version 0.9.3 installed

EDIT2: After learning about httr, I thought this might be the appropriate library for the task, however I still could not produce any usable results, since the token creation via oauth1.0_token only lead to a Bad request again. I think my primary problem is the lack of API documentation from openpaths.cc. With all these tools, I still have no idea how to properly use them.

Jemus42
  • 629
  • 9
  • 24
  • What is the question - are you after specificly resolving the bad request for the handshake? Or are you asking whether you are using ROAuth correctly? – mockinterface Feb 21 '14 at 11:31
  • Both, more or less. My primary problem is that I don't know how to deal with the openpaths API in the first place, and not finding any documentation on it besides the python example, so I don't know if what I'm doing there with ROAuth even makes sense. Unfortunately, openpaths doesn't seem to have a tag here and I have too little reputation to create one. – Jemus42 Feb 22 '14 at 18:17
  • 1
    Interesting question, I could not get it work either. Note that the `httr` package contains some oauth examples which may be easier to adapt to this problem than `ROAuth`. – Karsten W. Feb 26 '14 at 23:02
  • I'll whip you up an httr example as soon as openpaths is up again. There's definitely something wrong with your setup because reqURL etc should all be different. – hadley Apr 22 '14 at 13:56
  • Ah, this uses two legged OAuth, which is a bit unusual. It'll take me a little longer than expected to get something that works. – hadley Apr 22 '14 at 22:58

2 Answers2

0

Here is as far as I got. I receive a "400 Not Authorized", maybe this is due to the fact that my openpaths account is not connected to foursquare, maybe something is wrong with the code. Please try it out!

Required packages:

library(RCurl)
library(digest)
library(base64)

Some functions borrowed/adapted from ROAuth:

## Get a random sequence of characters.
## Nonce - number used only once.
genNonce <- function(len = 15L + sample(1:16, 1L)) {
  els <- c(letters, LETTERS, 0:9, "_")
  paste(sample(els, len, replace = TRUE), collapse = "")
}

## this function is derived from utils::URLencode
## Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded
##   unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
## cf. http://oauth.net/core/1.0/#encoding_parameters
encodeURI <- function(URI, ...) {
  if (!is.character(URI)) {
    URI
  } else {
    OK <- "[^-A-Za-z0-9_.~]"
    x <- strsplit(URI, "")[[1L]]
    z <- grep(OK, x)
    if (length(z)) {
      y <- sapply(x[z], function(x) paste("%", toupper(as.character(charToRaw(x))),
                                          sep = "", collapse = ""))
      x[z] <- y
    }
      paste(x, collapse = "")
  }
}

## we escape the values of the parameters in a special way that escapes
## the resulting % prefix in the escaped characters, e.g. %20 becomes
## %2520 as %25 is the escape for %
## cf. http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
normalizeParams <- function(params, escapeFun) {
  names(params) <- sapply(names(params), escapeFun, post.amp = TRUE)
  params <- sapply(params, escapeFun, post.amp = TRUE)
  ## If two or more parameters share the same name, they are sorted by their value.
  params <- params[order(names(params), params)]
  return(paste(names(params), params, sep = "=", collapse = "&"))
}

## From Ozaki Toru's code at https://gist.github.com/586468
signWithHMAC <- function(key, data) {
  blockSize <- 64
  hashlength <- 20
  innerpad   <- rawToBits(as.raw(rep(0x36, blockSize)))
  outerpad   <- rawToBits(as.raw(rep(0x5C, blockSize)))
  zero       <- rep(0 ,64)

  HexdigestToDigest <- function(digest) {
    as.raw(strtoi(substring(digest, (1:hashlength)*2-1,
                            (1:hashlength)*2), base=16))
  }

  mac <- function(pad, text) {
    HexdigestToDigest(digest(append(packBits(xor(key, pad)), text),
                             algo='sha1', serialize=FALSE))
  }

  if(nchar(key) >= 64) {
    keyDigested <- digest(key, algo="sha1", serialize=FALSE)
    key <- intToUtf8(strtoi(HexdigestToDigest(keyDigested), base=16))
  }
  key <- rawToBits(as.raw(append(utf8ToInt(key), zero)[1:blockSize]))

  base64(mac(outerpad, mac(innerpad, charToRaw(data))))[1]
}

## Sign an request made up of the URL, the parameters as a named character
## vector the consumer key and secret and the token and token secret.
signRequest  <- function(uri, consumerKey, consumerSecret, params=character(), 
                         oauthKey = "", oauthSecret = "", httpMethod = "GET",
                         nonce = genNonce(),
                         timestamp = Sys.time()) {
  httpMethod <- toupper(httpMethod)

  params["oauth_nonce"] <- nonce
  params["oauth_timestamp"] <- as.integer(timestamp)
  params["oauth_consumer_key"] <- consumerKey
  params["oauth_signature_method"] <- 'HMAC-SHA1'
  params["oauth_version"] <- '1.0'
  if(oauthKey != "") params["oauth_token"] <- oauthKey
  odat <- paste(
      encodeURI(httpMethod), encodeURI(uri), 
      encodeURI(normalizeParams(params, encodeURI), post.amp = TRUE),
      sep = "&"
  )
  okey <- encodeURI(consumerSecret)
  if(oauthSecret != "") okey <- paste(okey, encodeURI(oauthSecret), sep = "&")

  params["oauth_signature"] <- signWithHMAC(okey, odat)
  return(params)
}

Now this function tries to replicate the example at the openpaths website:

openpaths <- function(
    access_key=getOption("openpaths.access_key"), 
    secret_key=getOption("openpaths.secret_key"), 
    curl=getCurlHandle()) {

    uri <- 'https://openpaths.cc/api/1'
    params <- signRequest(uri, consumerKey=access_key, consumerSecret=secret_key)
    oa_header <- paste(names(params), params, sep="=", collapse=",")
    ret <- getURL(
        uri,
        curl=curl,
        .opts=list(
            header=TRUE,
            verbose=TRUE,
            httpheader=c(Authorization=paste("OAuth ", oa_header, sep="")),
            ssl.verifypeer = TRUE, 
            ssl.verifyhost = TRUE, 
            cainfo = system.file("CurlSSL", "cacert.pem", package = "RCurl")
        )
    )
    return(ret)
}
Karsten W.
  • 17,826
  • 11
  • 69
  • 103
  • Hm, when I source your functions, plug in my keys and try `test <- openptahs()`, it tells me `CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!` and later `HTTP/1.1 400 Bad Request` … Since this is way above my head, I don't really know how to interpret this. – Jemus42 Feb 28 '14 at 18:31
  • What is your version of `RCurl`? – Karsten W. Feb 28 '14 at 21:52
  • `1.95-4.1` – I also checked for package updates (I'm using Rstudio) just now, there was none for RCurl. – Jemus42 Mar 01 '14 at 13:01
0

I've made some progress on this problem, although it's challenging due to the flakiness of the site, and the custom OAuth process that they're using. First you'll need to install development version of httr - this exports some previously internal functions.

devtools::install_github("hadley/httr")

OpenPaths is unusual in that the app secret and key are the same as the token and token secret. This means we need to write a custom auth header:

library(httr)

app <- oauth_app("OpenPaths", "JSLEKAPZIMFVFROHBDT4KNBVSI")
#> Using secret stored in environment variable OPENPATHS_CONSUMER_SECRET

# Implement custom header for 2-leg authentication, and oauth_body_hash 
auth_header <- function(url, method = "GET") {
  oauth_signature(url, method, app, app$key, app$secret,
    # Use sha1 of empty string since http request body is empty
    body_hash = "da39a3ee5e6b4b0d3255bfef95601890afd80709")  
}

Then you can use this to sign your request. This is currently failing for me because the site seems to be down (again).

url <- "https://openpaths.cc/api/1"
r <- GET(url, oauth_header(auth_header(url)))
stop_for_status(r)
content(r)
hadley
  • 102,019
  • 32
  • 183
  • 245
  • I've tried it a few times over the past few hours, but except the occasional timeout I only received `XML content does not seem to be XML: '400: NOT AUTHORIZED'` as an answer. I'm kind of irritated by the apparent oddness of the API, since the website stated it is intended to be very straight forward to use. As for the flakyness – I don't remember the site being flaky before, this seems to be a (unfortunately timed) recent issue. – Jemus42 Apr 23 '14 at 18:28