0

I am trying to establish an "implicit" Oauth2 authorization flow for my test connect in R to StackOverflow via the StackExchange API.

I am in situation #3 of this related post, that specifies how to set the redirect_uri and other values in a lanugage-agnostic way.

I've taken the steps described, namely setting up the app on StackApps.com to enable implicit authentication.

I've replicated the linked instructions in R with the httr library, the only major adaptation is that apparently httr requires the client secret earlier in the process than StackOverflow actually requires it.

library(httr)

# in the StackApps answer stackoverflow.com was used here.
# that just took me to the landing page.

# the docs use this URI and it gets me closer but 
# it just says "Authorizing Application" with a blank page under that
#   and it never completes.
end <- oauth_endpoint(authorize   = "stackoverflow.com/oauth", 
                           access = "stackoverflow.com/oauth")


client_secret = "secret_code_here"

myapp <- oauth_app("myapp",
                   key    = "12665", # not a secret
                   secret = client_secret,
                   redirect_uri="https://stackexchange.com/oauth/login_success")


token <- oauth2.0_token(end,
                        myapp,
                        scope=NULL)
                        #,use_oob=T)

When I run my code a browser automatically opens and goes to StackOverflow.com. However, it just takes me to the landing page and Oauth never completes.

I tried it with use_oob=T and the only difference was that R prompted me for an authorization code that was never provided. enter image description here

Hack-R
  • 22,422
  • 14
  • 75
  • 131
  • 1
    I don't know R or the httr library, but that code doesn't seem setup for [what the SE API requires](https://api.stackexchange.com/docs/authentication). It should probably be `authorize = "stackoverflow.com/oauth/dialog"` for starters and `scope` can't be NULL. And is `key` actually sending `client_id` (in the HTTP request)? If not, that's a problem too. – Brock Adams Jun 16 '18 at 06:14
  • @BrockAdams Oh, thank you again Brock!! You are the patron Saint of the API. I didn't know the `scope` couldn't be NULL. Fortunately the parameter it calls `key` actually maps to `client_id` in the URI. I will try some changes based on your comment and if that doesn't work I'll try a different library. – Hack-R Jun 16 '18 at 13:48
  • I also noticed something else super weird. If I try it without `use_oob=T` then I even though it leads to that screen and doesn't complete, there's an authorization code in the URI. So if I copy that, then re-run it without `use_oob=T` then I can paste the prior code I found in the URI as the Authorization Code. But that's terribly hacky. You see what I mean right? Basically it never works, but I can "hack" it by using info from 1 broken attempt to fix a different broken attempt lol. – Hack-R Jun 16 '18 at 13:51
  • @Hack-R have you the restriction of 10000 calls per day? – Pozmanski Jul 09 '18 at 10:07
  • @Pozmanski Good question, but no. I never even really got 1 successful call (or if I did only 1). – Hack-R Jul 09 '18 at 14:04

0 Answers0