This document summarizes the Douban API and authentication methods. It describes Douban as a social networking site focused on books, movies, music and more. It then outlines the different Douban APIs available and how third-party apps can integrate and be powered by the Douban API. Finally, it details the different OAuth 2.0 authentication flows including client-side, server-side, and native app flows for obtaining access tokens to make requests to the Douban API on behalf of a user.
10. Inside Douban API
• Using OAuth 2.0 to access Douban APIs
• The core concepts are simple:
– Your application asks for a particular scope of access
– Douban displays an OAuth page to users, asking for consent to authorize access to your application
– If the user approves, your application will get a short-lived access token that you can use to validate requests for the user's data and a long-lived refresh token.
11. Inside Douban API
• Today Douban supports three flows of OAuth 2.0
– The client-side flow for JavaScript applications running in a browser
– The server-side flow for web applications with servers that can securely store persistent information
– The native application flow for desktop and mobile applications
12. Apply Douban Apikey
Go to https://www.douban.com/service/auth2/apikey/apply
Douban will then return an apikey and secret:
• apikey="047e255f2309478c0d7a701d691bd6a4"
• secret="0253348fa4d10541
14. Client Side Flow
1. Get an access token
GET https://www.douban.com/service/auth2/auth?
client_id=047e255f2309478c0d7a701d691bd6a4&
redirect_uri=http://www.douban.com/&
response_type=token&
scope=shuo_basic_r,shuo_basic_w
2. Use the access_token to access the API
curl "https://api.douban.com/people/@me" \
  -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"
16. Server Side Flow
1. Get an authorization code
GET https://www.douban.com/service/auth2/auth?
client_id=047e255f2309478c0d7a701d691bd6a4
&redirect_uri=http://book.douban.com
&response_type=code
&scope=shuo_basic_r,shuo_b
17. Server Side Flow
2. Get an access_token using the code that the first step returned
curl "https://www.douban.com/service/auth" \
  -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764" \
  -d "client_id=047e255f2309478c0d7a701d691bd6a4" \
  -d "client_secret=0253348fa4d10541" \
  -d "redirect_uri=http://book.douban.com" \
  -d "grant_type=authorization_code" \
  -d "code=12345"
18. Server Side Flow
3. Use the access_token to access APIs
curl "https://api.douban.com/people/@me" \
  -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"
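One way to bind the server-side flow's callback to the user session that started it, using the standard OAuth 2.0 `state` parameter (an added example, not part of the original slides or Douban's own code). It assumes Douban echoes `state` back on the redirect as OAuth 2.0 specifies and returns the code in a `code` query parameter; `session` is a hypothetical per-user server-side store, and the endpoint, apikey, redirect URI and scope are the sample values from the slides.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://www.douban.com/service/auth2/auth"  # from the slides
CLIENT_ID = "047e255f2309478c0d7a701d691bd6a4"               # sample apikey from the slides
REDIRECT_URI = "http://book.douban.com"                      # sample redirect_uri from the slides


def build_authorization_url(session, scope="shuo_basic_r,shuo_basic_w"):
    """Step 1: build the redirect to Douban and remember a one-time state value."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # hypothetical session store (assumption)
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": scope,
        "state": state,  # assumed to be echoed back unchanged on the callback
    })
    return f"{AUTH_ENDPOINT}?{query}"


def extract_code(callback_url, session):
    """Before step 2: return the code only if the callback belongs to this session."""
    got = urlsplit(callback_url)
    registered = urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc) != (registered.scheme, registered.netloc):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    expected_state = session.pop("oauth_state", None)  # single use, even on failure
    states = params.get("state", [])
    codes = params.get("code", [])
    if expected_state is None or len(states) != 1:
        raise ValueError("missing or duplicated state")
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if len(codes) != 1:
        raise ValueError("missing or duplicated code")
    return codes[0]
```

Only a code returned by `extract_code` should be sent to the token endpoint in step 2; a callback that raises is discarded without contacting Douban.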