Skip to content

Latest commit

 

History

History
60 lines (41 loc) · 2.63 KB

authentication.md

File metadata and controls

60 lines (41 loc) · 2.63 KB
Raw

Authentication

Bitly requires OAuth access tokens to use the API. You will need to register your application with the Bitly API, you will get a client_id and client_secret.

There are 3 methods you can use to get an OAuth access token:

Account Generic Access Token

You can get your own OAuth token for your account from the Bitly console. Click on the account drop down menu, then Profile Settings then Generic Access Token. Fill in your password and you can generate an OAuth access token.

OAuth Web Flow

Redirect the user to the Bitly authorization page using your client_id and a redirect_uri that Bitly should redirect your user to after authorization. You can get the URL like so:

oauth = Bitly::OAuth.new(client_id: client_id, client_secret: client_secret)
oauth.authorize_uri("http://myexamplewebapp.com/oauth_page")
#=> "https://bitly.com/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Fmyexamplewebapp.com%2Foauth_page"

You can pass an optional state parameter that will be included, unchanged, in the redirect.

oauth.authorize_uri("http://myexamplewebapp.com/oauth_page", state: "state")
#=> "https://bitly.com/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Fmyexamplewebapp.com%2Foauth_page&state=state"

Once the user has authorized you to use their Bitly account, you will get a code parameter in the redirect. You can exchange that code, along with the redirect_uri, for the access token.

oauth.access_token(redirect_uri: "http://myexamplewebapp.com/oauth_page", code: "code")
#=> "<ACCESS_TOKEN>"

Resource Owner Credential Grant Flow

If you cannot perform a web flow, the resource owner credential grant flow allows you to take a user's username and password and exchange it for an OAuth access token. If you use this method you should store only the user's access token and never the password.

To use the resource owner credential grant flow, create an OAuth client object then request the access token with the username and password:

oauth = Bitly::OAuth.new(client_id: client_id, client_secret: client_secret)
oauth.access_token(username: username, password: password)
#=> "<ACCESS_TOKEN>"

Initialise the API client

Once you have an OAuth token, you can initialise the API client with the token like this:

client = Bitly::API::Client.new(token: token)