PHP Classes

Non interactive OAuth sessions?

Recommend this page to a friend!

      PHP OAuth Library  >  All threads  >  Non interactive OAuth sessions?  >  (Un) Subscribe thread alerts  
Subject:Non interactive OAuth sessions?
Summary:Accessing OAuth protected resources in scheduled jobs
Messages:4
Author:John Du
Date:2013-08-04 06:50:58
Update:2013-08-05 20:30:01
 

  1. Non interactive OAuth sessions?   Reply   Report abuse  
Picture of John Du John Du - 2013-08-04 06:50:59
I am trying to write a script to talk to box.net periodically without human intervention.

I installed this package and have successfully run login_witth_box.php with a web browser. However, I ran into the following problems:

1. Each time a new browser is used, a box.net user authentication is initiated. The resource owner has to be authenticated with box.net. I am confused here. The resource owner has given permissions to this app, why does each new browser need to be authenticated. If 1000 users use my app (login_with_box.php), I would have to type my box.net credentials 1000 times. I must have done something wrong.

2. Can I somehow run the login_with_xxx.php scripts from the command line? This does not work for me now because the command line initiated script is considered a new browser and resource owner authentication is needed.


  2. Re: Non interactive OAuth sessions?   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2013-08-04 07:17:56 - In reply to message 1 from John Du
The authorization process is just to ask the user permission to access the API on his behalf.

Once the authorization is obtained, you get an access token to access the API when the user is not present.

That access token is stored in the class access_token variable.

By default the class also saves access tokens in session variables. But sessions only exist in Web accesses from the same user.

If you call the class from the command line, the user is not present, so it cannot access the user session data.

So, you need to copy the value of the access_token variable to somewhere (a database for instance) and restore it when you need it to access the API offline.

Alternatively, the class comes with a subclass that can store authorization tokens in a database, and another subclass to store it specifically in a MySQL database using the mysqli extension.

You can read more about this in this article about off-line access. It uses Google API as example, but it works the same with the Box API.

phpclasses.org/blog/package/7700/po ...

  3. Re: Non interactive OAuth sessions?   Reply   Report abuse  
Picture of John Du John Du - 2013-08-04 07:57:25 - In reply to message 2 from Manuel Lemos
Thank you very much for your quick reply. I'll read the article re mentioned.

  4. Re: Non interactive OAuth sessions?   Reply   Report abuse  
Picture of John Du John Du - 2013-08-05 20:30:01 - In reply to message 2 from Manuel Lemos
Manuel,

Thank you again for this wonderful package. I have successfully run my box.net API scripts without a human user intervention.

John