Jabber-to-Evernote Gateway from the inside
Some time ago, I launched a bot for posting to Evernote via jabber and promised to open the source code to show examples of working with Evernote API and OAuth.
The code is at the end of the article, and for starters, I will talk about some of the features of working with Evernote.
In order to use the Evernote API, you need to send a request to the support service and get a consumer key. Surprises start here already - it is not written about anywhere, but there are two types of keys: for client applications (with access by login and password) and for access via web authorization - OAuth. In the letter, be sure to specify exactly what you need.
Important: all OAuth access parameters (rights, lifetime of the token) are set on the server side, so it’s better to write about them immediately. The maximum lifespan is 365 days, tokens (alas) are not issued indefinitely. Permissions - standard create / read / update / delete set plus viewing user information and changing it.
')
After a while, the answer will come with a pair of keys (consumer key and consumer secret) for access to the sandbox server - sandbox.evernote.com . After the application is ready, you need to send another request to the support - so that the keys work for the main server - in the meantime, you can freely use the sandbox without fear of breaking something.
The next surprise I encountered was the lack of examples of OAuth authorization in the API documentation. Of course, there is documentation on oauth.net, and on other services that use OAuth (twitter, for example), but it’s pretty hard to figure out without being tied to a specific service.
So, the authorization scheme:
1. Request token request by application
The full request url looks like this:
www.evernote.com/oauth?oauth_consumer_key=<consumer key> & oauth_signature = <consumer secret>% 26 & oauth_signature_method = plaintext
This link gives the application the token used to generate the link that will need to be given to the user for authorization.
2. User authorization
The user must follow the generated link and confirm that it gives your application access to your account.
Link issued to the user:
www.evernote.com/OAuth.action?oauth_callback=<callback url> & oauth_token = <request token received at the first stage>
Another surprise: the oauth_callback parameter (the url where the user will be redirected after confirming access) is specified as optional in the oauth specifications, but it is required when requesting Evernote. However, it is enough to substitute a slash there for redirecting to the EN main page.
3. Request authorization token by application
After the user has confirmed access, the application requests a constant token, which will later be used for authorization:
www.evernote.com/oauth?oauth_consumer_key=<consumer key> & oauth_signature = <consumer secret>% 26 & oauth_signature_method = plaintext & oauth_token = <request token received in the first step>
After that, you will receive an authorization token and a pointer to the shard (of a particular Evernote server), which will be needed later on when working with the API.
In python, there is a library for working with OAuth, but I refused to use it: I didn’t complicate the process, which boils down to generating links and processing results, especially since the usual OAuth scheme looks more complicated than that used in Evernote Thanks - almost all the excess was removed).
Of the libraries that are not in the standard python build, the bot requires sqlite3, xmpp-py and, of course, the Evernote API (which also includes thrift ).
Python 2.6 is required for operation (due to using “with” statements ) or python 2.5 with the with_statements import from the __future__ module.
Habr did not let me insert half a thousand lines of code with a highlight, so I put all the code on snipt.org . The programmer from me is not so hot, but it works. :) Use, habra people!
The code is at the end of the article, and for starters, I will talk about some of the features of working with Evernote.
Evernote
In order to use the Evernote API, you need to send a request to the support service and get a consumer key. Surprises start here already - it is not written about anywhere, but there are two types of keys: for client applications (with access by login and password) and for access via web authorization - OAuth. In the letter, be sure to specify exactly what you need.
Important: all OAuth access parameters (rights, lifetime of the token) are set on the server side, so it’s better to write about them immediately. The maximum lifespan is 365 days, tokens (alas) are not issued indefinitely. Permissions - standard create / read / update / delete set plus viewing user information and changing it.
')
After a while, the answer will come with a pair of keys (consumer key and consumer secret) for access to the sandbox server - sandbox.evernote.com . After the application is ready, you need to send another request to the support - so that the keys work for the main server - in the meantime, you can freely use the sandbox without fear of breaking something.
Oauth
The next surprise I encountered was the lack of examples of OAuth authorization in the API documentation. Of course, there is documentation on oauth.net, and on other services that use OAuth (twitter, for example), but it’s pretty hard to figure out without being tied to a specific service.
So, the authorization scheme:
1. Request token request by application
The full request url looks like this:
www.evernote.com/oauth?oauth_consumer_key=<consumer key> & oauth_signature = <consumer secret>% 26 & oauth_signature_method = plaintext
This link gives the application the token used to generate the link that will need to be given to the user for authorization.
2. User authorization
The user must follow the generated link and confirm that it gives your application access to your account.
Link issued to the user:
www.evernote.com/OAuth.action?oauth_callback=<callback url> & oauth_token = <request token received at the first stage>
Another surprise: the oauth_callback parameter (the url where the user will be redirected after confirming access) is specified as optional in the oauth specifications, but it is required when requesting Evernote. However, it is enough to substitute a slash there for redirecting to the EN main page.
3. Request authorization token by application
After the user has confirmed access, the application requests a constant token, which will later be used for authorization:
www.evernote.com/oauth?oauth_consumer_key=<consumer key> & oauth_signature = <consumer secret>% 26 & oauth_signature_method = plaintext & oauth_token = <request token received in the first step>
After that, you will receive an authorization token and a pointer to the shard (of a particular Evernote server), which will be needed later on when working with the API.
In python, there is a library for working with OAuth, but I refused to use it: I didn’t complicate the process, which boils down to generating links and processing results, especially since the usual OAuth scheme looks more complicated than that used in Evernote Thanks - almost all the excess was removed).
Python and libraries
Of the libraries that are not in the standard python build, the bot requires sqlite3, xmpp-py and, of course, the Evernote API (which also includes thrift ).
Python 2.6 is required for operation (due to using “with” statements ) or python 2.5 with the with_statements import from the __future__ module.
Source
Habr did not let me insert half a thousand lines of code with a highlight, so I put all the code on snipt.org . The programmer from me is not so hot, but it works. :) Use, habra people!
Source: https://habr.com/ru/post/63586/
All Articles