Skip to main content

OAuth

OAuth

OAuth2 is a protocol that lets external applications request authorization to private details in a user’s Dribbble account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.
All developers need to register their application before getting started. A registered OAuth application is assigned a unique client ID and client secret. The client secret should not be shared.

Web Application Flow

1. Redirect users to request Dribbble access.

GET https://dribbble.com/oauth/authorize

Parameters

NameTypeDescription
client_idstringRequired. The client ID you received from Dribbble when youregistered.
redirect_uristringThe URL in your application where users will be sent after authorization. See details below about Redirect URLs.
scopestringA space separated list of scopes. If not provided, scope defaults to the public scope for users that don’t have a valid token for the application. For users who do already have a valid token for the application, the user won’t be shown the authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the same scopes that were user last time the user completed the flow.
statestringAn unguessable random string. It is used to protect against cross-site request forgery attacks.

2. Dribbble redirects back to your site.

If the user accepts your request, Dribbble redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don’t match, the request has been created by a third party and the process should be aborted.
Exchange this for an access token:
POST https://dribbble.com/oauth/token

Parameters

NameTypeDescription
client_idstringRequired. The client ID you received from Dribbble when youregistered.
client_secretstringRequired. The client secret you received from Dribbble when you registered.
codestringRequired. The code you received as a response to Step 1.
redirect_uristringThe URL in your application where users will be sent after authorization. See details below about Redirect URLs.

Response

The response will be returned as JSON and takes the following form:
{
  "access_token" : "29ed478ab86c07f1c069b1af76088f7431396b7c4a2523d06911345da82224a0",
  "token_type" : "bearer",
  "scope" : "public write"
}

3. Use the access token to access the API.

The access token allows you to make requests to the API on a behalf of a user.
GET https://api.dribbble.com/v1/user?access_token=...
You can pass the token in the query parameters like shown above, but a cleaner approach is to include it in the Authorization header:
Authorization: Bearer ACCESS_TOKEN
For example, in curl you can set the Authorization header like this:
curl -H "Authorization: Bearer ACCESS_TOKEN" https://api.dribbble.com/v1/user

Client Flow

Applications are provided a read-only access token that can be used for a server implementation or public JavaScript client. Note that the access token is still subject to rate limiting.
You use the access token the same way as a web access token.

Non-Web Application Flow

We currently do not support any other authentication methods besides OAuth. If you only need read-only access try the client flow.

Redirect URLs

The redirect_uri parameter is optional. If left out, Dribbble will redirect users to the callback URL configured in the OAuth application settings. If provided, the redirect URL’s host and port must exactly match the callback URL. The redirect URL’s path must reference a subdirectory of the callback URL.
CALLBACK: http://example.com/path

GOOD: http://example.com/path
GOOD: http://example.com/path/subdir/other
GOOD: myapplication://phone-callback
BAD:  http://example.com/
BAD:  http://example.com/bar
BAD:  http://example.com:8080/path
BAD:  http://oauth.example.com:8080/path
BAD:  http://example.org
BAD:  ssh://example.com

Scopes

Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
For the web flow, requested scopes will be displayed to the user on the authorize form.
NameDescription
publicGrants read-only access to public information.This is the default scope if no scope is provided.
writeGrants write access to user resources, except comments and shots.
commentGrants full access to create, update, and delete comments.
uploadGrants full access to create, update, and delete shots and attachments.
Your application can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space:
https://dribbble.com/oauth/authorize?
  client_id=...&
  scope=public+write

Common errors for the authorization request

There are a few things that can go wrong in the process of obtaining an OAuth token for a user. In the initial authorization request phase, these are some errors you might see:

Application Suspended

If the OAuth application you set up has been suspended (due to reported abuse, spam, or a misuse of the API), Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=application_suspended
  &error_description=Your+application+has+been+suspended.
  &state=xyz
Please contact support to solve issues with suspended applications.

Redirect URI Mismatch

If you provide a redirect_uri that doesn’t match what you’ve registered with your application, Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=invalid_redirect_uri
  &error_description=The+redirect+uri+included+is+not+valid.
  &state=xyz
To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Access Denied

If the user rejects access to your application, Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=access_denied
  &error_description=The+resource+owner+or+authorization+server+denied+the+request.
  &state=xyz
There’s nothing you can do here as users are free to choose not to use your application. More often than not, users will just close the window or press back in their browser, so it is likely that you’ll never see this error.

Common errors for the access token request

In the second phase of exchanging a code for an access token, there are an additional set of errors that can occur.

Incorrect Client Credentials

If the client_id and or client_secret you pass are incorrect you will receive this error response.
{
  "error" : "invalid_client",
  "error_description" : "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
To solve this error, go back and make sure you have the correct credentials for your OAuth application. Double check the client_id and client_secret to make sure they are correct and being passed correctly to Dribbble.

Redirect URI Mismatch

If you provide a redirect_uri that doesn’t match what you’ve registered with your application, you will receive this error message:
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Bad Verification Code

If the verification code you pass is incorrect, expired, or doesn’t match what you received in the first request for authorization you will receive this error.
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
To solve this error, start the OAuth process over from the beginning and get a new code.

Comments

Popular posts from this blog

Hidden Wiki

Welcome to The Hidden WikiNew hidden wiki url 2015 http://zqktlwi4fecvo6ri.onion Add it to bookmarks and spread it!!!
Editor's picks Bored? Pick a random page from the article index and replace one of these slots with it.
The Matrix - Very nice to read. How to Exit the Matrix - Learn how to Protect yourself and your rights, online and off. Verifying PGP signatures - A short and simple how-to guide. In Praise Of Hawala - Anonymous informal value transfer system. Volunteer Here are five different things that you can help us out with.
Plunder other hidden service lists for links and place them here! File the SnapBBSIndex links wherever they go. Set external links to HTTPS where available, good certificate, and same content. Care to start recording onionland's history? Check out Onionland's Museum Perform Dead Services Duties. Introduction PointsAhmia.fi - Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database). DuckDuckGo - A Hidden S…

Explainer: The nico-teen brain

Explainer: The nico-teen brain The adolescent brain is especially vulnerable to the addictive effects of nicotine BY  TERESA SHIPLEY FELDHAUSEN 7:00AM, AUGUST 19, 2015 Nicotine (black triangle towards center left) tricks the nerve cell (neuron) into sending a message to release more dopamine (yellow dots). Those molecules enter the space (synapse) between one nerve cell and the next. When they get picked up by neighboring cells, this gives users a feel-good high. It also creates the risk of addiction and other health problems.  EMail Print Twitter Facebook Reddit Google+ NATIONAL INSTITUTE ON DRUG ABUSE, ADAPTED BY J. HIRSHFELD Nicotine is the addictive chemical in tobacco smoke and e-cigarette vapors. And doctors say the teenage brain is no place for it to end up. Nicotine can reach the brain within seven seconds of puffing on a cigar, hookah, cigarette or electronic cigarette.
The area of the brain responsible for emotions and controlling our wild impulses is known as the prefrontal c…

fix idm integration on chrome

Chrome Browser IntegrationI do not see IDM extension in Chrome extensions list. How can I install it? 
How to configure IDM extension for Chrome?Please note that all IDM extensions that can be found in Google Store are fake and should not be used. You need to install IDM extension manually from IDM installation folder. Read in step 2 how to do it.

1. Please update IDM to the latest version by using "IDM Help->Check for updates..." menu item

2. I don't see "IDM Integration module" extension in the list of extensions in Chrome. How can I install it?

Press on Chrome menu (arrow 1 on the image), select "Settings" menu item (arrow 2 on the image) and then select "Extensions" tab (arrow 3 on the image). After this open IDM installation folder ("C:\Program Files (x86)\Internet Download Manager" by default, arrow 4 on the image) and drag and drop "IDMGCExt.crx" (arrow 5 on the image) file into "Extensions" page opened in…