Goodreads Developers discussion

questions > How to revoke OAuth authorization?


message 1: by Gregg (new)

Gregg (greggmarshall) | 105 comments I've made some progress implementing the OAuth authorization sequence in PHP, but I don't see how to revoke the authorization I allowed so I can keep testing. I poked around in my Goodreads account pages and can't see an obvious place to revoke it.

If someone can point me to where on the Goodreads site I can revoke the authorization, I promise to get better glasses.

Thanks.


message 2: by Grunthos (last edited Jan 18, 2012 07:07AM) (new)

Grunthos | 60 comments Go to your profile and look for the apps tab. Your app should be at the bottom somewhere.


message 3: by Gregg (last edited Jan 18, 2012 10:05AM) (new)

Gregg (greggmarshall) | 105 comments I'm not seeing it there, odd.

Edited to add, actually I think it may be because I haven't successfully gotten an access token, I just noticed the request token has changed.

Edited to add, now that I have successfully gotten an access token it does show up, so that's the key.


message 4: by Viswanath (new)

Viswanath (viswanathr) | 29 comments I'm also not able to find my app anywhere in the apps tabs. I also got an access token and authorized my app. Now I'm not able to revoke it. Any ideas?


message 5: by Gregg (new)

Gregg (greggmarshall) | 105 comments Viswanath

You are looking on your profile on the apps tab, correct?

I found that my app didn't show up on the apps tab until I had received the access token (not the request token) after the user (aka me) had allowed the app. Then it showed up at the very bottom of the apps page in a box labeled "Applications You've Given Access To".


message 6: by Viswanath (new)

Viswanath (viswanathr) | 29 comments So I approved my app once and then I got the oauth_token and authorize=1 as parameters. Is there any step after this?


message 7: by Gregg (new)

Gregg (greggmarshall) | 105 comments There's another step where you can (should?) exchange the request token for an access token.

Here's the page I wrote for my Drupal module to explain what was going on under the hood: http://drupal.org/node/1463168


message 8: by Viswanath (new)

Viswanath (viswanathr) | 29 comments Hey Gregg,

Thanks for the help. I got it to work now. I requested an access token and got it. But I have another question. How do I use this access token across sessions? What is the procedure when I log in next time? Request a token again?


message 9: by Gregg (new)

Gregg (greggmarshall) | 105 comments You can save the access token and keep reusing it. I store it in a MySQL table along with the Drupal user ID and the Goodreads user ID since the first is how I know who is logged in and the Goodreads user ID is frequently used and I don't want to keep using the API to look it up over and over.


message 10: by Viswanath (new)

Viswanath (viswanathr) | 29 comments So there is no expiry for the token? And do you append this token to every request now?


message 11: by Gregg (new)

Gregg (greggmarshall) | 105 comments I don't know if there is an expiry; in my testing I haven't seen any. And the token is used in the OAuth signature generation (it is encrypted and accompanied by a nonce number).


message 12: by Viswanath (new)

Viswanath (viswanathr) | 29 comments I have got an access token and I have saved it. When I start the app the next time, I obviously need to sign in again, right? (Assuming "keep me signed in" was not checked.) So should I call www.goodreads.com/oauth/authorize with the old token again? If I get back authorize=1, can I make use of the same token?


message 13: by Gregg (new)

Gregg (greggmarshall) | 105 comments Your OAuth library should have a way to take an access token and do the necessary encryption etc. to sign a request. That signature information gets passed in the header of the request, but not as part of the URL.
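
Added example, not part of the original posts or anyone's library code: a minimal sketch of how a saved access token is reused to sign a request under OAuth 1.0a and placed in the `Authorization` header, as messages 9 to 13 describe. It assumes the HMAC-SHA1 signature method; the key and secret values are constructed, and the endpoint URL is assumed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    # RFC 3986 percent-encoding as OAuth 1.0a requires: only unreserved chars stay.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # Sort the encoded key/value pairs, join them, then encode the whole string again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key is "consumer_secret&token_secret"; neither secret is transmitted.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def authorization_header(method, url, query, consumer, token, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer["key"],
        "oauth_token": token["key"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    # Query parameters are signed together with the oauth_* parameters.
    oauth["oauth_signature"] = sign(method, url, {**query, **oauth},
                                    consumer["secret"], token["secret"])
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


# Constructed sample values standing in for a row loaded from the token table.
CONSUMER = {"key": "example-consumer-key", "secret": "example-consumer-secret"}
STORED_TOKEN = {"key": "example-access-token", "secret": "example-token-secret"}
API_URL = "https://www.goodreads.com/api/auth_user"  # assumed endpoint for illustration

if __name__ == "__main__":
    print(authorization_header("GET", API_URL, {}, CONSUMER, STORED_TOKEN))
```

The token key appears in the header while both secrets only key the HMAC, so the stored token secret deserves the same protection as a password in whatever table holds it.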


message 14: by Michael (new)

Michael Economy (michaeleconomy) There's no automatic expiration (at this time). A user may void any tokens from the user/edit pages.


message 15: by Chris (new)

Chris (chrisnolanca) | 9 comments I'm looking at user/edit and it's showing up as

Applications You've Given Access To
Application Issued
no application 2012/07/28

Shouldn't "no application" be the app name or something? If I've approved multiple apps how would I know which to revoke?


message 16: by Brian (new)

Brian (bper) | 24 comments Yes, it should be the app name. I don't see an app by that name, so I'm guessing that the text is not a link (which it should be, and should link to a page revealing what the app is).

You'll get this condition if the developer key has been revoked or if the API developer does not have a URL provided for the app. If you're the owner of the app in question, try adding a URL associated with your developer key.

So I looked into your authorized apps, and it looks like you've got an app created by this user: http://www.goodreads.com/user/show/11..., which kinda looks like you (evil twin? ;) ).

Just provide a URL for the app and it should display properly. Looks like all you're doing is testing things anyway, so should've been pretty clear which app that was. ;)

