A desktop-based application communicates directly with Fire Eagle without going through a web server that modifies the requests. These applications can be applications that run on the user's computer such as a Flash web-embeddable object. For each user that wants to authorize your app, the following illustrates the authorization flow.
|
Obtaining an unauthorized request token
Request Token URL
https://fireeagle.yahooapis.com/oauth/request_token
Required Parameters:
oauth_consumer_key : application consumer keyoauth_callback : set this to a value of 'oob'oauth_nonce, oauth_timestamp, oauth_signature_method, oauth_version, oauth_signature
HTTP Method:
Same as for web and mobile based applications, except that, unlike web, you cannot pass a callback URL.
|
|
Obtaining user authorizations
User Authorization URL
https://fireeagle.yahoo.net/oauth/authorize
Required Parameters:
oauth_token : the request_token that you obtained in step one
HTTP Method:
After obtaining the request token, your application constructs the authorization URL to call Fire Eagle with the request token. The user follows the authorization URL to the Fire Eagle site where he or she can choose whether to authorize your application or not.
Because there is no callback URL for desktop applications, Fire Eagle will display instructions to the user to follow the next steps on your application. In particular, it will display a 6-character verification code that your application should require the user to key in.
|
|
Obtaining user-specific access token
Access Token URL
https://fireeagle.yahooapis.com/oauth/access_token
Required Parameters:
oauth_consumer_key : application consumer keyoauth_verifier : verification code keyed in by user in step 2.oauth_token : the request_token that you obtained step oneoauth_nonce, oauth_timestamp, oauth_signature_method, oauth_version, oauth_signature
HTTP Method:
Same as for mobile-based applications.
|
|
Managing and storing the access token
You will receive an access token and access secret for the user which you need to store together securely. The access token ties the user to your application and is your pass to update and query for the the user's location within Fire Eagle. You need to figure out how your application associates the access token with your application's representation of the user. The access secret is used to sign your application's query and update requests for the user.
For desktop-based applications, the access token and access secret is intended to be distributed to that user's machine. You should store these credentials as safely as possible on the use's machine (e.g. encrypted in a secure device data store) as the user's location information may be exposed if the user's access token and access secret are compromised.
|