I have been playing with the TripIt API yesterday. TripIt provides typical RESTful services to access your travel data. Like other Web APIs, they use OAuth (Open Authorization) to allow third-party applications to access your protected TripIt data without requiring you to enter your TripIt credentials in the third-party app.
The authorization workflow goes like this:
- Get a Request Token. The third-party application invokes a TripIt service that returns a “Request Token”. At this point the token is “unauthorized”.
- Authorize the token. The third-party application opens a browser window (navigateToURL) with a specific TripIt page where you can authenticate and grant access to the third-party application (aka authorize the token).
- Obtain an Access Token. The third-party application invokes a TripIt service that returns an authorized “Access Token”.
- Access protected resources.
The key point is that you never provide your TripIt credentials to the third-party application.
Since it required a little bit of work to implement this in ActionScript, I figured I would share my example. The good news is that I didn’t have to create my own OAuth client implementation in ActionScript. I found the oauth-as3 library on Google Code (Kudos to Shannon Hicks). Even though this is a TripIt example, you should be able to use it as a reference for integrating with other services using OAuth.
The UI Workflow
Here is how I built the UI to support the OAuth authorization steps. After it obtains a Request Token from TripIt, the application displays the following screen:
When you click the “Authorize Token” button, the application opens a browser window with a TripIt page where you can authenticate and grant access to the application.
You then come back to the Flex application and click the “Access Granted” button to let the app know that you are done on the TripIt page. When you click the “Access Granted” button, the application invokes a TripIt service that returns an authorized “Access Token”.
Once the application gets the Access Token, it can start accessing protected resources.
Source Code and AIR Application
You can download the Flex Project here.
You can install the application using the badge below:
[airbadge]AIR Web Server, http://coenraets.org/samples/tripit/TripItDemo.air, 1.0, http://coenraets.org/samples/tripit/logo.gif[/airbadge]