Jabber-to-Evernote Gateway from the inside
Some time ago, I launched a bot for posting in Evernote via jabber and promised to open the source code to show examples of working with the Evernote API and OAuth.
The code is at the end of the article, but first I’ll talk about some of the features of working with Evernote.
In order to use the Evernote API, you need to send a request to the support service and get a consumer key. Already here surprises begin - it has not been written anywhere, but there are two types of keys: for client applications (with login and password access) and for access through web authorization - OAuth. In the letter, be sure to specify what exactly you need.
Important: all OAuth access parameters (rights, token lifetime) are set on the server side, therefore it is better to write about them immediately. The maximum lifespan is 365 days, tokens (alas) are not issued indefinitely. Rights - a standard set of create / read / update / delete plus viewing user information and changing it.
After a while, an answer will come with a pair of keys (consumer key and consumer secret) for access to the sandbox server -sandbox.evernote.com . After the application is ready, you need to send another request to the support - so that the keys work for the main server - in the meantime, you can freely use the "sandbox" without fear of breaking something.
The next surprise I came across is the lack of OAuth authorization examples in the API documentation. Of course, there is documentation on both oauth.net and other services that use OAuth (twitter, for example), but without binding to a specific service, it’s quite difficult to figure it out.
So, the authorization scheme:
1. Request request token by application The
full request url looks like this:
www.evernote.com/oauth?oauth_consumer_key= key> & oauth_signature =% 26 & oauth_signature_method = plaintext
This link gives the application the token used to generate the link that will need to be given to the user for authorization
2. User authorization The user
must follow the generated link and confirm that he gives your application access to his account.
Link issued to the user:
www.evernote.com/OAuth.action?oauth_callback=url> & oauth_token = <request token received at the first stage>
Another surprise: the oauth_callback parameter (the url to which the user will be redirected after confirming access) is specified as optional in the oauth specifications, but it is required when requesting to Evernote. However, it’s enough to substitute a slash there to redirect to the main page EN.
3. Request authorization token by the application
After the user has confirmed access, the application requests a constant token, which will later be used for authorization:
www.evernote.com/oauth?oauth_consumer_key= key> & oauth_signature =% 26 & oauth_signature_method = plaintext & oauth_token = <request token received at the first stage>
After that you get authorization token and a pointer to the shard (specific Evernote server), which will be needed later when working with the API.
Python has a library for working with OAuth, but I refused to use it: I didn’t complicate the process, which comes down to generating links and processing results, especially since the usual OAuth scheme looks more complicated than that used in Evernote (that's why the developers of EN Thank you - they removed almost everything superfluous).
Of the libraries that are not in the standard python assembly, sqlite3 is required for the bot to work, xmpp-py and, of course, the Evernote API (which also includes thrift ).
It requires python 2.6 (due to the use of “with” statements ) or python 2.5 with the import with_statements from the __future__ module.
Habr did not allow me to insert five hundred lines of code with a highlight, so I posted all the code entirely on snipt.org . The programmer from me is not so hot, but it works. :) Use, habralyudi!
The code is at the end of the article, but first I’ll talk about some of the features of working with Evernote.
Evernote
In order to use the Evernote API, you need to send a request to the support service and get a consumer key. Already here surprises begin - it has not been written anywhere, but there are two types of keys: for client applications (with login and password access) and for access through web authorization - OAuth. In the letter, be sure to specify what exactly you need.
Important: all OAuth access parameters (rights, token lifetime) are set on the server side, therefore it is better to write about them immediately. The maximum lifespan is 365 days, tokens (alas) are not issued indefinitely. Rights - a standard set of create / read / update / delete plus viewing user information and changing it.
After a while, an answer will come with a pair of keys (consumer key and consumer secret) for access to the sandbox server -sandbox.evernote.com . After the application is ready, you need to send another request to the support - so that the keys work for the main server - in the meantime, you can freely use the "sandbox" without fear of breaking something.
OAuth
The next surprise I came across is the lack of OAuth authorization examples in the API documentation. Of course, there is documentation on both oauth.net and other services that use OAuth (twitter, for example), but without binding to a specific service, it’s quite difficult to figure it out.
So, the authorization scheme:
1. Request request token by application The
full request url looks like this:
www.evernote.com/oauth?oauth_consumer_key=
This link gives the application the token used to generate the link that will need to be given to the user for authorization
2. User authorization The user
must follow the generated link and confirm that he gives your application access to his account.
Link issued to the user:
Another surprise: the oauth_callback parameter (the url to which the user will be redirected after confirming access) is specified as optional in the oauth specifications, but it is required when requesting to Evernote. However, it’s enough to substitute a slash there to redirect to the main page EN.
3. Request authorization token by the application
After the user has confirmed access, the application requests a constant token, which will later be used for authorization:
After that you get authorization token and a pointer to the shard (specific Evernote server), which will be needed later when working with the API.
Python has a library for working with OAuth, but I refused to use it: I didn’t complicate the process, which comes down to generating links and processing results, especially since the usual OAuth scheme looks more complicated than that used in Evernote (that's why the developers of EN Thank you - they removed almost everything superfluous).
Python and libraries
Of the libraries that are not in the standard python assembly, sqlite3 is required for the bot to work,
It requires python 2.6 (due to the use of “with” statements ) or python 2.5 with the import with_statements from the __future__ module.
Source
Habr did not allow me to insert five hundred lines of code with a highlight, so I posted all the code entirely on snipt.org . The programmer from me is not so hot, but it works. :) Use, habralyudi!