Recently I was working on a feature that required the use of a reverse geo-coding service. For those of you that don't know, a reverse geo-coding service takes coordinates (latitude and longitude) and translates them to an address. We decided to use Yahoo BOSS's PlaceFinder service as the price was right and the free alternatives didn't provide enough quota for our purposes. But there was a problem...
OAuth isn't really a big deal if you're working on an application with a user interface that can react to security prompts and such, but I'm not, my application runs as a web service that does not have the opportunity to prompt the end user.
So what to do?
If you're using the JVM platform I highly recommend the Scribe library, it really does make things easier to deal with.
So anyway, let's get started...
The first thing you need to do is generate an initial access token, access secret, and an OAuth session handle (I'll explain in a bit).
Using the following Groovy script I was able to generate everything I needed:
The access token and access secret are only good for an hour, but that's OK because we'll be able to refresh the access token and secret using that OAuth session handle that we extracted.
Now that we've gathered our tokens and secrets and sessions handles (OH MY!), we need a method that will retrieve a fresh token for us when appropriate. I have the following method setup so that if a retrieved token is more than thirty minutes old we go ahead and refresh.
Notice on line 38 in the above example we're adding an OAuth parameter called "oauth_session_handle" and providing the session handle that we gathered using the script from the beginning of the post. The session handle allows us to identify the app as having been previously authorized even if the access token and secret have expired.
At this point we have everything we need to finally make a request for data from one of the Yahoo BOSS APIs.
Pay special attention to the comment on line 2 in the above example, it's super important. If the request URL isn't properly escaped (URL encoded) you'll get an error response similar to the following:
So that's about all there is to it.
Still not a big fan of dealing with OAuth, though after this implementation and writing this post it doesn't seem that big a deal.