Yep, two Diaspora API dev reports on one day. After taking a break for dinner and just watching some TV I got back to figuring out how to properly interface with the authentication and API from an external client. I was re-reading the OpenID spec, watching some videos, reading some presentations, et cetera. If I’m going to be working on the API this is something I definitely need to be deep diving into a lot more. My initial order of business however was just getting it working.
I had hit a fake dead end with the CSRF problem. That was because of a missing query parameter on my registration call. Up until that point I was able to get an application registered but I wasn’t able to get the next step done which was getting an application authorization token. With the extra field I could get the request to register but it would bomb out on redirect URIs (confusing OpenID documentation on that) and scope problem (I couldn’t figure out what that parameter was supposed to be. Having exhausted the lower hanging OpenID documentation fruit I decided to start trawling the repo issues for anything and everything OpenID related. Withthat Iw as able to find some samples of what the scope parameter was supposed to look like.
With that last bit I was able to successfully build an authorization request which I could then use for making subsequent calls. There are still some things about this workflow that are confusing to me, but again that’s something I can and will have to work out moving forward. What it does mean however is that I now have successfully gotten an authorization token that I can then use for testing calls in various different places (cURL, RESTClient Window, etc.). I’m now ready to start moving on then.
First thing I need to do is to start getting more intelligent about OpenID big time. I already have a list of videos, white papers, and other things to work through on that. However I’m going to be doing that alongside beginning the development of fleshing out the API starting tomorrow.