Setting up an authentication page
This page will describe the steps involved for setting up a page for authenticating with the Vimeo Advanced API using OAuth 1.0a.
To get started, we need to initialize a new instance of the VimeoOAuthClient class. This class is used for the authentication, as well as the raw communication with the Advanced API once the user is authenticated. The class has properties which should be populated with information about your Vimeo app:
VimeoOAuthClient oauth = new VimeoOAuthClient {
ConsumerKey = "The consumer key of your app",
ConsumerSecret = "The consumer secret of your app",
Callback = "Your callback URI"
};
If you don't know how to find your consumer key and consumer secret, head over to the My API Apps at developer.vimeo.com. The callback URL is simply the URL of your authentication page (so Vimeo knows which URL it should redirect the user back to after a successful authentication).
Once we have an instance of VimeoOAuthClient, we can request what in OAuth 1.0a terminology is called a request token. A request token (and a corresponding request token secret) is used to identify the request to Vimeo prior to actually redirecting the user to the Vimeo authentication page. The code to obtain a request token can look like:
// Get a request token from the Vimeo API
OAuthRequestToken token = oauth.GetRequestToken();
// Save the token information to the session so we can grab it later
Session[token.Token] = token;
// Redirect the user to the authentication page at Vimeo.com
Response.Redirect(token.AuthorizeUrl);
We're saving the response to the session of the user so that we still have the request token and request token secret once the user is redirected back to our authentication page.
Once the user has been authenticated on the Vimeo authentication page, he/she is redirected back to the callback URL you specified earlier. It's wort noticing that the query string will now contain two parameters - oauth_token
and oauth_verifier
. oauth_token
is the request token we received earlier, and both the oauth_token
and oauth_verifier
parameters can now be used to obtain an access token and access token secret for the user we're authenticating. Also, we're using using the request token and request token secret to sign/hash the call to the API, which is part of the security involved in OAuth 1.0a.
// Grab the request token from the session
OAuthRequestToken token = Session[oAuthToken] as OAuthRequestToken;
// Update the OAuth client with information from the request token
oauth.Token = token.Token;
oauth.TokenSecret = token.TokenSecret;
// Obtain an access token from the request token and OAuth verifier
OAuthAccessToken accessToken = oauth.GetAccessToken(oAuthVerifier);
The OAuthAccessToken
represents the response from the Vimeo API, and contains an AccessToken
property and an AccessTokenSecret
property containing the access token and access token secret respectively of the now authenticated user.
Along with the consumer key and consumer secret, you can now use the access token and access token secret to make calls to the Vimeo Advanced API on behalf of the authenticated user.
https://vimeo.com/home
rather than back to your own authentication page.