==============
Authentication
==============

http://developer.foursquare.com/docs/oauth.html

The foursquare APIv2 can only be accessed via `OAuth 2.0 <http://oauth.net/2/>`_. This is important both for keeping our users' data safe and for helping us track how your applications use the API. OAuth 2.0 is a standard used by various large API providers, including the Facebook Graph API.

If you have used OAuth 1.0, you will find the new version much simpler and much nicer. There are various tutorials around; one that should be helpful is `this blog post <http://www.sociallipstick.com/?p=239>`_.

----------
1. Sign up
----------

.. Start by registering your application and obtaining your API credentials. You may want to sign up under a separate account with an extra-secure password to own these credentials. Since each credential is tied to a particular URL, you may want to create a set of development credentials which point to your development server URL, and production credentials which point to your production server URL. For the purposes of OAuth2, your "key" from that registration process is your "id" here, and your secret from registering is your secret here.
To get started, first `register your application <https://foursquare.com/oauth>`_ and obtain your API credentials. You may want to register under a separate account with an extra-secure password. Because each credential is tied to a particular URL, you can also create a set of development credentials that point to your development server URL and a set of production credentials that point to your production server URL. For the purposes of OAuth2, the "key" from the registration process is your "id", and the secret from registration is your secret. (Translator's note: this translation is imprecise.)

----------------------------
2. Obtaining an access token
----------------------------

There are broadly three ways to use the new API.

~~~~~~~~~~~~~~~~
Web applications
~~~~~~~~~~~~~~~~

(PHP, Perl, Ruby, Python, Java, Scala, etc.)

- **Redirect** the user you want to authenticate to ::

    https://foursquare.com/oauth2/authenticate
        ?client_id=YOUR_CLIENT_ID
        &response_type=code
        &redirect_uri=YOUR_REGISTERED_REDIRECT_URI

- If the user accepts, they are redirected back to the following URL ::

    https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE

- Your server **makes a request** to ::

    https://foursquare.com/oauth2/access_token
        ?client_id=YOUR_CLIENT_ID
        &client_secret=YOUR_CLIENT_SECRET
        &grant_type=authorization_code
        &redirect_uri=YOUR_REGISTERED_REDIRECT_URI
        &code=CODE

- The response comes back as JSON ::

    { access_token: ACCESS_TOKEN }

- **Save** this access token in your database

~~~~~~~~~~~~~~~~~~~~~~
Pure AJAX applications
~~~~~~~~~~~~~~~~~~~~~~

(Javascript)

- **Redirect** the user you want to authenticate to ::

    https://foursquare.com/oauth2/authenticate
        ?client_id=CLIENT_ID
        &response_type=token
        &redirect_uri=YOUR_REGISTERED_REDIRECT_URI

- If the user accepts, they are redirected back to the following URL ::

    http://YOUR_REGISTERED_REDIRECT_URI/#access_token=ACCESS_TOKEN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mobile phone or client-side applications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(Android Java, iOS Objective-C, etc.)

If you have a server that works with your application, we strongly recommend using the server flow above, possibly in an embedded browser. As with the Facebook API, you can add `display=touch` to your authorize or authenticate URLs to get a mobile-optimized interface.

------------------
3. Making requests
------------------

Once you have an access token, it is easy to use any of the :doc:`endpoints <endpoint>`: just add oauth_token=ACCESS_TOKEN to your GET or POST request. For example, from the command line, you can do the following.

::

    curl 'https://api.foursquare.com/checkin/history?oauth_token=ACCESS_TOKEN'

Yay! That's all there is to it!

---------------------
Migrating from API v1
---------------------

.. If you have users who already registered with OAuth 1.0 for the old foursquare API, don't worry! All you have to do is use the user's secret as the oauth_token in APIv2 and you're good to go.
If you have users who already registered with OAuth 1.0 for the old foursquare API, don't worry! All you have to do is use the user's secret as the oauth_token in APIv2.

.. _auth-useless:

---------------
Userless access
---------------

Some endpoints (e.g. venue search) do not require you to act as any particular user. In that case we return unpersonalized data suitable for generic use, and performance should be slightly better than for other endpoints. For these endpoints, pass your client ID as `client_id` and your client secret as `client_secret`. Although draft 11 of the OAuth2 spec provides a mechanism, called "Client Credentials", for consumers to act via a token, we do not currently support it.

-----
Notes
-----

OAuth2 can pass secrets in the clear without requiring manual signing of requests. The catch is that all requests must be made over HTTPS; requests that do not use HTTPS result in errors.

.. Be sure to note that although API requests are against api.foursquare.com, OAuth token and authorization requests are against foursquare.com.
Note that API requests are made against `api.foursquare.com`, while OAuth token and authorization requests are made against `foursquare.com`.

The examples above use `/authenticate` instead of `/authorize`. Following the precedent set by Twitter and LinkedIn, the /authenticate page is like /authorize except that it automatically redirects if the user has already authorized the calling page.

The OAuth2 spec provides for Resource Owner Password Credentials, which exchanges the user's password for a token, but for security reasons we do not allow third-party clients to use this flow.

Because foursquare uses a wildcard SSL certificate, you may run into problems on Android. For more information, see `this Stack Overflow answer <http://stackoverflow.com/questions/3135679/android-httpclient-hostname-in-certificate-didnt-match-example-com-exa>`_.

Although OAuth access tokens do not currently expire, you should be prepared for this possibility in the future. Also remember that a user may revoke access via the foursquare settings page at any time.
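The web application flow from section 2, together with the HTTPS and host notes above, as an added Python example that is not part of the original documentation. The function names, the `app.example.com` redirect URI and the sample values are assumptions constructed for illustration; no network request is made.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# OAuth endpoints are on foursquare.com; API calls go to api.foursquare.com.
AUTH_BASE = "https://foursquare.com/oauth2"

def authenticate_url(client_id, redirect_uri):
    """Step 1: URL the user's browser is redirected to."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri})
    return f"{AUTH_BASE}/authenticate?{query}"

def extract_code(callback_url, registered_redirect_uri):
    """Step 2: read ?code= from the callback, rejecting unexpected URLs."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if got.scheme != "https":
        raise ValueError("callback must arrive over HTTPS")
    if (got.netloc, got.path.rstrip("/")) != (want.netloc, want.path.rstrip("/")):
        raise ValueError("callback does not match the registered redirect URI")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def access_token_url(client_id, client_secret, redirect_uri, code):
    """Step 3: server-side request URL. It carries the client secret in the
    query string, as the page shows, so keep it out of logs and browsers."""
    query = urlencode({"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "authorization_code",
                       "redirect_uri": redirect_uri, "code": code})
    return f"{AUTH_BASE}/access_token?{query}"

def parse_token_response(body):
    """Step 4: pull access_token out of the JSON body, failing if absent."""
    token = json.loads(body).get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")
    return token

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    redirect = "https://app.example.com/callback"
    print(authenticate_url("YOUR_CLIENT_ID", redirect))
    code = extract_code(redirect + "/?code=SAMPLE_CODE", redirect)
    print(parse_token_response('{"access_token": "SAMPLE_TOKEN"}'), code)
```

Only the token returned by `parse_token_response` is what gets saved to the database; the code from the callback is used once in the step 3 request.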