Friday, October 2, 2009

Ruby on Rails with OAuth for integrating TripIt

Here is an example of utilizing OAuth with TripIt using Ruby on Rails.

OAuth is an open protocol to allow secure API authorization in a standard method for desktop, mobile and web applications. http://en.wikipedia.org/wiki/OAuth

TripIt is an interesting social networking application for your travel itinerary http://www.tripit.com/

All the examples below are to be run in "irb" but work fine in your rails app. You need to figure where to store the variables I pass in (this is up to you and how your app is setup of course).

First things first... you need a TripIt developer account http://www.tripit.com/developer. Make sure you add an application (call it what you like but you need to submit it so that you get an "API Key" and an "API Secret".

For our example (since I do not want to give you mine NOR should you give out yours to others) I will use "api_key_shhhh" and "api_secret_shhhh" as the values that you will getting from TripIt.

Now before we get started make sure you go into your regular user account on TriptIt and a add your self a trip (or more). This example will list trips so you need them to see the XML we are going to query through the API.

lets get "oauth" installed now

gem install oauth

Ok, now to the code (all of this is for irb but you can have it work in your rails app, no probelm).

gem 'oauth'
require 'oauth/consumer'

api_key = "api_key_shhhh"
api_secret = "api_secret_shhhh"

@consumer=OAuth::Consumer.new api_key,api_secret,{:site=>"https://api.tripit.com"}

@request_token=@consumer.get_request_token
@request_token.secret

#ok now in your rails app you want to redirect and create (dynamically) the URL we are creating by hand which we will copy and paste it.

OK NOW THIS IS IMPORTANT. Do not use @request_token.authorize_url because the URL is wrong. In your rails app you should dynamically create what we are about to-do by hand (concatenate yourself silly). ALSO, The URL that you put into your setting when creating the application... if it was localhost (or blank) this will not work but have no fear there is simple workaround by overriding in the URL.

There are a few important parts of the URL and you need to take the @request_token.secret value which for this example let me call it XXXXXXXXXXXXXXXX

Put this in your browser now https://www.tripit.com/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXX&consumer_key=api_key_shhhh&oauth_callback=http%3A%2F%2Fwww.yahoo.com

TripIt will now ask the user if it is alright for the application (in the real rails app redirect_to the concatenated URL you made) you just created to access their account (in our example this should be your account you are granting your application access to). Now notice that oauth_callback. In "real world" rails app that should be YOUR application to accept the user back in to-do stuff which TripIt will redirect to when done. All of the URL has to be URL encoded and "consumer_key" is that first value you get from TripIt (NOT THE SECRET) when you submit your application.

Ok, now you are just about done.

TripIt trusts you and now you just have to save that trust to use later in your app.

To save that trust (back to your terminal irb picking up where we left off)

@access_token=@request_token.get_access_token
@access_token.token
@access_token.secret

NOW SAVE the token and secrete from the access token (where ever you like for THIS user).

Ok, last step now that the user has authorized now you want to keep using that authorization from that users to-do TripIt actions (they would get annoyed if you had to keep asking them because you skipped this step) for that user through the API.

copy both access_token.token and @access_token.secret you are about to need them

exit irb

now go back to irb so you can see it all still working fine.

gem 'oauth'
require 'oauth/consumer'

API_KEY = "api_key_shhhh"
API_SECRET = "api_secret_shhhh"

ACCESS_TOKEN = "@access_token.token"
ACCESS_SECRET = "@access_token.secret"

@consumer=OAuth::Consumer.new API_KEY,API_SECRET,{:site=>"https://api.tripit.com"} #, :consumer_key=>"consumer key working"}

@access_token = OAuth::AccessToken.new(@consumer, ACCESS_TOKEN, ACCESS_SECRET)
puts @access_token.get('/v1/list/trip')

and here you go now with your XML back from TripIt per their spec http://groups.google.com/group/api_tripit/web/tripit-api-documentation---v1

Make sure "@access_token.token" and "@access_token.secret" are the values you saw in irb and copied before you closed it as that variable is GONE.

/*
Joe Stein
http://www.linkedin.com/in/charmalloc
*/

1 comment:

  1. Sweet ! Nice Job ! If you get bored and want to help me with my silly hobby, go to slide 21

    http://www.myhealthcarestuff.com/presentation.html

    http://www.linkedin.com/in/michaelejahn

    ReplyDelete