OAuth is very inconvenient

Question

OAuth is very inconvenient

skorokithakis opened this issue 9 years ago · 4 comments

OAuth is very inconvenient for certain cases. For example, I have a 5-line Python script in my /bin/ directory that I can use to upload an image from the command line quickly. However, since I need to go through the whole OAuth flow to upload as myself, I need to be visiting the website every single time I want to upload an image, or upload the image without having it go to my page, or take care to store the state somewhere.

All of these options are very onerous, all I want to do is go to my settings page, find an API key and paste it in the script and have it work forever. Is there a way to do that?

Answer 1 · 2016-03-16T21:53:28.000Z

You can store the oauth token access and client tokens in environment variables and read them from your script. If you are using python 3, i have written an imgur-cli which you can look at: https://github.com/ueg1990/imgur-cli

Answer 2 · 2016-03-16T22:46:57.000Z

How long will those last? Isn't the refresh token going to need to be changed every so often?

Answer 3 · 2016-03-16T22:58:14.000Z

We recently raised them from 1 hour to one month. We're still expiring them for legacy reasons (the theory is an attacker could sniff the access token via HTTP and the hour window would limit the time they could use it), but in future iterations we plan to have clients use one access token indefinitely since our API is HTTPS only now.

Answer 4 · 2016-03-16T23:00:32.000Z

That'd be nice, as it stands I don't want to have to keep getting new tokens every so often :-(