TechCrunch Hackathon Douban API

•Als PPTX, PDF herunterladen•

5 gefällt mir•1,209 views

This document summarizes the Douban API and authentication methods. It describes Douban as a social networking site focused on books, movies, music and more. It then outlines the different Douban APIs available and how third-party apps can integrate and be powered by the Douban API. Finally, it details the different OAuth 2.0 authentication flows including client-side, server-side, and native app flows for obtaining access tokens to make requests to the Douban API on behalf of a user.

Technologie

Douban API

laiwei@douban.com
http://douban.com/people/laiwei

2011-10-29

What is Douban
• Community
• Book
• Movie
• Music
• FM
• AlphaTown

Explore Life, Express Youself, Share Life

via http://douban.com/about

Why Douban
• 50M+ Registered Users
• 600+ Cities
• 250,000+ Groups
• 30000+ Sites
• 1000+ Cinemas

Douban APIs
• Miniblog/Shuo
• OpenID
• Books/Movies/Music
• Photos
• Reviews
• Collections
• Notes
• Events
• Recommendations
• Tags
• Dou-mail

via http://www.douban.com/service/apidoc/reference

Powered by Douban API
• DoubanShuo

via http://shuo.douban.com

Powered by Douban API
• Douban FM
• Douban Movie
• Douban Bookcart
• AlphaTown

Powered by Douban API
• Third-party Apps

via http://douban.com/service/gallery

Douban OpenID
• 3rd-party sites and applications can let visitors
sign in using their douban id

Inside Douban API
• using OAuth 2.0 to access douban APIs
• The core concepts are simple:
– Your application asks for a particular scope of access
– Douban displays an OAuth page to users, asking for
consent to authorize access to your application
– If the user approves, your application will get a shortlived
access token that you can use to validate requests for the
user's data and a long-lived refresh token.

Inside Douban API
• Today Douban supports three flows of OAuth
2.0
– The client-side flow for JavaScript applications
running in a browser
– The server-side flow for web applications with
servers that can securely store persistent
information
– The native application flow for desktop and
mobile applications

Apply Douban Apikey
go to https://www.douban.com/service/auth2/apikey/apply

then douban will return a apikey and secret:

• apikey="047e255f2309478c0d7a701d691bd6a4"
• secret="0253348fa4d10541

Modify Apikey Properties
go to
https://www.douban.com/service/auth2/apikey/

Client Side Flow
1. get access token
GET https://www.douban.com/service/auth2/auth?
client_id=047e255f2309478c0d7a701d691bd6a4&
redirect_uri=http://www.douban.com/&
response_type=token&
scope=shuo_basic_r,shuo_basic_w

2. use access_token access api
curl "https://api.douban.com/people/@me"
-H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"

Server Side Flow

2 steps to obtain access_token

Server Side Flow

1.get authorization code
GET https://www.douban.com/service/auth2/auth?
client_id=047e255f2309478c0d7a701d691bd6a4
&redirect_uri=http://book.douban.com
&response_type=code
&scope=shuo_basic_r,shuo_b

Server Side Flow

2. get access_token using the code
that first step returned
curl "https://www.douban.com/service/auth"
-H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"
-d "client_id=047e255f2309478c0d7a701d691bd6a4
&client_secret=0253348fa4d10541
&redirect_uri=http://book.douban.com
&grant_type=authorization_code
&code=12345"

Server Side Flow

3. use access_token access APIs
curl "https://api.douban.com/people/@me"
-H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764

Native-application Flow

The same as server side flow

Weitere ähnliche Inhalte

Was ist angesagt?

A 4 line login - line platform

LINE Corporation

Spring4 security oauth2

axykim00

OAuth2 Authentication

Ismael Costa

Utapass iOS 工程師 Jefferey 分享影片位置 https://youtu.be/cv9IKPJY91U 相關 Sessions - [Rich Notifications] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/817/) - [Best Practices and What’s New in User Notifications] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/708/) - [Size Classes and Core Components] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/812/) - [Auto Layout Techniques in Interface Builder] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/412/)

KKBOX WWDC17 Notification and Autolayout - Jefferey

Liyao Chen

Spring4 security oauth2

Sang Shin

OAuth is one of the most successful authorization protocols on the Internet. The OAuth 2.0 framework, the proposed standard to replace OAuth 1.0, enables a third-party application to obtain limited access to an application, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the application, or by allowing the third-party application to obtain access on its own behalf. In this webinar, we provide an overview of the OAuth 2.0 authorization model, how it fits in the enterprise environment, and some critical security implications of note for software architects and security analysts. Vulnerable App: https://github.com/topavankumarj/Vulnerable-OAuth2.0-Application Key Takeaways: 1.) Comprehensive understanding of the OAuth 2.0 authorization framework. 2.) Threats/Attacks specific to OAuth 2.0 3.) Practical demonstration of exploit vectors 4.) Outline of architectural best practices in OAuth 2.0 Who should attend: 1.) Application architects /API developers who use OAuth to publish and/or interact with protected data. 2.) Security Analysts who want to learn about security implications relevant to the OAuth Framework.

Security for oauth 2.0 - @topavankumarj

Pavan Kumar J

KKTV iOS 工程師 Mario 分享影片位置 https://youtu.be/4U9QbQFo7gU 相關 Sessions - [Data Delivery with Drag and Drop] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/227/) - [Drag and Drop with Collection and Table View] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/223/) - [Introducing Drag and Drop] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/203/) - [Mastering Drag and Drop] (https://developer.apple.com/videos/wwdc2017/videos/play/wwdc2017/213/)

KKBOX WWDC17 UIKit Drag and Drop - Mario

Liyao Chen

OAuth 2 Presentation

Mohamed Ahmed Abdullah

A simple PHP LinkedIn OAuth 2.0 example

Mattia Reggiani

Was ist angesagt? (9)

A 4 line login - line platform

Spring4 security oauth2

OAuth2 Authentication

KKBOX WWDC17 Notification and Autolayout - Jefferey

Spring4 security oauth2

Security for oauth 2.0 - @topavankumarj

KKBOX WWDC17 UIKit Drag and Drop - Mario

OAuth 2 Presentation

A simple PHP LinkedIn OAuth 2.0 example

Ähnlich wie TechCrunch Hackathon Douban API

Linkedin & OAuth

Umang Goyal

OAuth 2.0

Alex Bilbie

Secure your app with keycloak

Api security

OAuth

Some OAuth love

Social Login

Michele Leroux Bustamante

Oauth2.0

Yasmine Gaber

Securing APIs with OAuth 2.0

Kai Hofstetter

Создание API, которое полюбят разработчики. Глубокое погружение

SQALab

Keycloak for Science Gateways - SGCI Technology Sampler Webinar

marcuschristie

We know and love our authentication standards for the web, yet on mobile we often still resort to usernames & passwords in our apps. This presentation explores OpenID Connect (OIDC) and OAuth 2.0 in the context of mobile apps to see how they decouple authentication logic from your app and promote simpler and more flexible patterns for user authentication and API authorization. This presentation was first given in the London Mobile Security Meetup https://www.meetup.com/London-Mobile-Developer-Security/

Mobile Authentication - Onboarding, best practices & anti-patterns

Pieter Ennes

Conference Abstract: This session will focus on integrating with social media with your Spring projects. The Spring Social project allows developers to interact with Twitter, LinkedIn, Facebook & TripIt in web and mobile projects. We will discuss security concerns with OAuth 1.0 & 2.0 and how Spring templates make our job easier. Topics Include: - Spring Greenhouse - reference implementation of Spring Social - Spring Mobile - integrating Spring Social with iPhone & Android - Security with OAuth - Accessing Social data with REST, JSON & XML - Examples of Spring Social Media Templates

Spring Social - Messaging Friends & Influencing People

Gordon Dickens

OAuth 1.0

simonetripodi

APIエコノミー時代の認証・認可

Tatsuo Kudo

Data synchronization and offline capabilities are key to creating successful mobile applications and there are many factors to consider. – What data format should you use? – How do you manage security? – How do you efficiently manage syncing data to hundreds of applications independently? In this session, you’ll learn about various factors that drive answers to these questions. You’ll also learn from live code and interactive demonstrations how to use SSL and OAUTH2 to securely synchronize JSON data with a remote REST service and how to use synchronization tokens to efficiently keep your clients up to date. There will be client examples included for both the iOS and Android platforms, but you’ll be able to apply these concepts to any client, regardless of your platform.

Data Synchronization Patterns in Mobile Application Design

Eric Maxwell

Web API 2 Token Based Authentication

jeremysbrown

Kt 15 07-2013

G Jayendra Kartheek

Adding Identity Management and Access Control to your App

FIWARE

Adding identity management and access control to your app

Álvaro Alonso González

Ähnlich wie TechCrunch Hackathon Douban API (20)

Linkedin & OAuth

OAuth 2.0

Secure your app with keycloak

Api security

OAuth

Some OAuth love

Social Login

Oauth2.0

Securing APIs with OAuth 2.0

Создание API, которое полюбят разработчики. Глубокое погружение

Keycloak for Science Gateways - SGCI Technology Sampler Webinar

Mobile Authentication - Onboarding, best practices & anti-patterns

Spring Social - Messaging Friends & Influencing People

OAuth 1.0

APIエコノミー時代の認証・認可

Data Synchronization Patterns in Mobile Application Design

Web API 2 Token Based Authentication

Kt 15 07-2013

Adding Identity Management and Access Control to your App

Adding identity management and access control to your app

Kürzlich hochgeladen

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Kürzlich hochgeladen (20)

GenAI Risks & Security Meetup 01052024.pdf

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

A Domino Admins Adventures (Engage 2024)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Partners Life - Insurer Innovation Award 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Boost PC performance: How more available memory can improve productivity

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Powerful Google developer tools for immediate impact! (2023-24 C)

Axa Assurance Maroc - Insurer Innovation Award 2024

presentation ICT roal in 21st century education

Top 10 Most Downloaded Games on Play Store in 2024

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Boost Fertility New Invention Ups Success Rates.pdf

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Scaling API-first – The story of a global engineering organization

Why Teams call analytics are critical to your entire business

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

A Year of the Servo Reboot: Where Are We Now?

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

TechCrunch Hackathon Douban API

1. Douban API laiwei@douban.com http://douban.com/people/laiwei 2011-10-29

2. What is Douban • Community • Book • Movie • Music • FM • AlphaTown Explore Life, Express Youself, Share Life via http://douban.com/about

3. Why Douban • 50M+ Registered Users • 600+ Cities • 250,000+ Groups • 30000+ Sites • 1000+ Cinemas

4. Douban APIs • Miniblog/Shuo • OpenID • Books/Movies/Music • Photos • Reviews • Collections • Notes • Events • Recommendations • Tags • Dou-mail via http://www.douban.com/service/apidoc/reference

5. Powered by Douban API • DoubanShuo via http://shuo.douban.com

6. Powered by Douban API • Douban FM • Douban Movie • Douban Bookcart • AlphaTown

7. Powered by Douban API • Third-party Apps via http://douban.com/service/gallery

8. Douban Open Platform • OpenID • API

9. Douban OpenID • 3rd-party sites and applications can let visitors sign in using their douban id

10. Inside Douban API • using OAuth 2.0 to access douban APIs • The core concepts are simple: – Your application asks for a particular scope of access – Douban displays an OAuth page to users, asking for consent to authorize access to your application – If the user approves, your application will get a shortlived access token that you can use to validate requests for the user's data and a long-lived refresh token.

11. Inside Douban API • Today Douban supports three flows of OAuth 2.0 – The client-side flow for JavaScript applications running in a browser – The server-side flow for web applications with servers that can securely store persistent information – The native application flow for desktop and mobile applications

12. Apply Douban Apikey go to https://www.douban.com/service/auth2/apikey/apply then douban will return a apikey and secret: • apikey="047e255f2309478c0d7a701d691bd6a4" • secret="0253348fa4d10541

13. Modify Apikey Properties go to https://www.douban.com/service/auth2/apikey/

14. Client Side Flow 1. get access token GET https://www.douban.com/service/auth2/auth? client_id=047e255f2309478c0d7a701d691bd6a4& redirect_uri=http://www.douban.com/& response_type=token& scope=shuo_basic_r,shuo_basic_w 2. use access_token access api curl "https://api.douban.com/people/@me" -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764"

15. Server Side Flow 2 steps to obtain access_token

16. Server Side Flow 1.get authorization code GET https://www.douban.com/service/auth2/auth? client_id=047e255f2309478c0d7a701d691bd6a4 &redirect_uri=http://book.douban.com &response_type=code &scope=shuo_basic_r,shuo_b

17. Server Side Flow 2. get access_token using the code that first step returned curl "https://www.douban.com/service/auth" -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764" -d "client_id=047e255f2309478c0d7a701d691bd6a4 &client_secret=0253348fa4d10541 &redirect_uri=http://book.douban.com &grant_type=authorization_code &code=12345"

18. Server Side Flow 3. use access_token access APIs curl "https://api.douban.com/people/@me" -H "Authorization: Bearer ee905e14b2e427cccbb11a3e18ac7764

19. Native-application Flow The same as server side flow

20. Q&A thanks

TechCrunch Hackathon Douban API

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (9)

Ähnlich wie TechCrunch Hackathon Douban API

Ähnlich wie TechCrunch Hackathon Douban API (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

TechCrunch Hackathon Douban API