Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Example OAuth access to the Discogs API
// This example uses a fork of the OAuthSimple library for PHP
// found here:
// For more information about the OAuth process for applications
// accessing Discogs API, read:
require 'oauth.php';
$oauthObject = new OAuthSimple();
$scope = '';
// Initialize the output in case we get stuck in the first step.
$output = 'Authorizing...';
// Fill in your API key/consumer key you received when you registered your
// application with Discogs.
$signatures = array( 'consumer_key' => '[CONSUMER KEY]',
'shared_secret' => '[SHARED_SECRET]');
// Check if verifier exists. If not, get a request token
if (!isset($_GET['oauth_verifier'])) {
// To get a Request Token, we make a request to the OAuthGetRequestToken endpoint,
// submitting the scope of the access we need (
// and also tell Discogs where to redirect once authorization is submitted
$result = $oauthObject->sign(array(
'path' =>'',
'parameters'=> array(
'scope' => $scope,
'oauth_callback'=> ''),
'signatures'=> $signatures));
// The above object generates a simple URL that includes a signature, the
// needed parameters, and the web page that will handle our request.
// Using the cUrl libary, we send a GET request to the signed URL
// then add the response into a string variable ($r)
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'YOUR_USER_AGENT/0.1 +');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
// Then we parse the string for the request token and the matching token secret.
parse_str($r, $returned_items);
$request_token = $returned_items['oauth_token'];
$request_token_secret = $returned_items['oauth_token_secret'];
// We store the token and secret in a cookie for later when authorization is complete
setcookie("oauth_token_secret", $request_token_secret, time()+3600);
// Next we generate a URL for an authorization request, then redirect to that URL
// so the user can authorize our request.
// The user could deny the request, so we should add some code later to handle that situation
$result = $oauthObject->sign(array(
'path' =>'',
'parameters'=> array(
'oauth_token' => $request_token),
'signatures'=> $signatures));
// Here is where we redirect
else {
// If we have a oauth_verifier, fetch the cookie and amend our signature array with the request
// token and secret.
$signatures['oauth_secret'] = $_COOKIE['oauth_token_secret'];
$signatures['oauth_token'] = $_GET['oauth_token'];
// Build the request-URL
$result = $oauthObject->sign(array(
'path' => '',
'parameters'=> array(
'oauth_verifier' => $_GET['oauth_verifier'],
'oauth_token' => $_GET['oauth_token']),
'signatures'=> $signatures));
// ... and get the web page and store it as a string again.
$ch = curl_init();
//Set the User-Agent Identifier
curl_setopt($ch, CURLOPT_USERAGENT, 'YOUR_USER_AGENT/0.1 +');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
// parse the string to get you access token
parse_str($r, $returned_items);
$access_token = $returned_items['oauth_token'];
$access_token_secret = $returned_items['oauth_token_secret'];
// We can use this long-term access token to request Discogs API data,
// for example, the identity of the authenticated user.
// All Discogs API data requests will have to be signed just as before,
// but we can now bypass the authorization process and use the long-term
// access token you hopefully store somewhere permanently.
$oauth_props = array( 'oauth_token' => $access_token,
'oauth_secret' => $access_token_secret);
// reset the oauth object
// rebuild it with the URL of the resource you want to access and the token/secret
$params['path'] = "$scope/database/search";
$params['signatures'] = $oauth_props;
// add optional parameters as needed
// For example: when using the search endpoint, and/or when passing pagination options
$params['parameters'] = 'q=nevermind&artist=nirvana&per_page=3&page=1';
$result = $oauthObject->sign($params);
// Now that we have our signed URL, we can make one more call to the API
// which will grant us access to an authenticated resource
// such as
$url = $result['signed_url'];
curl_setopt($ch, CURLOPT_USERAGENT, 'YOUR_USER_AGENT/0.1 +');
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//Execute the curl session
$output = curl_exec($ch);
// print the JSON output to the page
echo $output;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment