-
-
Notifications
You must be signed in to change notification settings - Fork 991
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[tumblr] OAuth upgrades #65
Comments
OAuth support and |
Hey, that's really great. Thanks a lot! I've already updated gallery-dl (of course), and will try a run with a "hidden" tumblr log later today. It's too bad that I can't think of any way to really check the results. Bothers me for a while now, but I can't wrap my head around it. If it's really possible at all. |
Good idea with the |
@mikf One question regarding the OAuth procedure... gallery-dl/gallery_dl/extractor/tumblr.py Lines 229 to 237 in 421a974
If I read this code correctly, gallery-dl checks the config for (BTW, the other OAuth extractors (DeviantArt, Flickr, Reddit) are doing basically the same, or is it something different?) And the API Key is always = OAuth Consumer Key. Yay for convenience. What I don't get, and maybe I'm only reading the Tumblr API Docs wrong somehow, but what about the API Secret (Or the OAuth Consumer Secret, as it's called there)? Because they always seem to mention the full set of four values: And when doing the gallery-dl/gallery_dl/extractor/tumblr.py Lines 222 to 228 in 421a974
This tries to retrieve |
All four sites either issue API requests on the user's behalf if the required credentials are provided ( The API secret (and access token secret) in OAuth1.0 is used to generate an The API key and secret values are read from the config to allow users to specify their own API credentials in case gallery-dl's default values become invalid or something in that regard. Retrieving the API secret is actually fairly pointless, at least for right now, as this would only be useful in conjunction with user-credentials retrieved through |
Uh, okay. Not sure if I really understand that correctly right now.
Isn't that the point? API Key + API Secret in conjunction with user-credentials? I mean, depends on what exactly is meant with being pointless here. Maybe I am misunderstanding the exact API limitations? |
I called it "pointless" because it wasn't properly implemented on galler-dl's side and wouldn't have worked as it should have. oauth: 91ed147 allows the authorization step (
And regarding API limitations: Tumblr allows for 1000 request per hour, 5000 requests per day per application, which is always the "gallery-dl Application" registered on Tumblr (unless you set your own api-key and -secret). There havn't been any complaints about rate-limits as of yet, so I guess this is fine for now. |
Why
Great, thanks. Will try that later. I have my
Yes, I think now we're getting to the gist of it, because that's the reason why I've asked initially. |
Ah, yes, I meant tumblr. Sorry about that. I'm pretty sure the rate limit is applied per API key and all users of gallery-dl can only issue 5000 API requests per day in total when using the default key. Seems to be enough at the moment and there is always the option to apply for rate limit removal. I doubt this is going to have much success and I really don't know how I should convince them, but who knows. Another option would be to go the same route as ripme and have multiple API Keys and choose one at random for every extractor run. This wouldn't work very well with the whole OAuth and Access Token thing, but you could require all users who want to use an Access Token to also supply their own API Key. |
@mikf Uh, before I forget it completely.. Okay, I used some old API Key & Secret of mine. When doing the OAuth authorization request, you can see the "application" it originates from, and in this case, it was no longer "gallery-dl Application". |
One important difference when using Tumblr with OAuth 1.0a authentication:
Try this Tumblr blog, for example: https://embedded-demos.tumblr.com/
It doesn't work with gallery-dl. Open in an incognito tab:
You'll end here:
https://www.tumblr.com/login_required/embedded-demos
Open while signed in to Tumblr, and you will see it. But only displayed alongside your Tumblr Dashboard.
It's this "ingenious" feature:
I hate it. Ridiculous waste of screen space. You can't use
/tagged
. And you can't use/archive
, which is essential, in my opinion.(If anyone of you knows how this still works, please let me know!)
But here is the interesting part:
You can try it for yourself, with the Tumblr Web Console. Just check the Blog Info, for example.
https://api.tumblr.com/console/calls/blog/info
VS.
You can observe the same results with
https://api.tumblr.com/console/calls/blog/posts
And you actually get the
"posts": [ { ...
array in your response! (jq '.response.posts'
, for example)Great news!
All of this has one additional benefit:
https://www.tumblr.com/docs/en/api/v2#user-methods
OAuth is required for
/user/likes
This might be a useful additional feature, i.e.
likes
subcategory/subextractor, together with the already existinguser
,post
andtag
.The text was updated successfully, but these errors were encountered: