# HUBzero Password Auth Example

This demonstrates how to use the HUBzero API to use the User/Password Flow for OAuth. Documentation is available on HUBzero's Website: https://hubzero.org/developer/api/docs#oauth-usercredentials

### Notes
This example disables SSL verification. This is dangerous for production applications. Remove `verify=False` from any requests before using in production.  

This example will use some test credentials. When building your application, make sure that these are **NOT** stored in plaintext. Most applications will prompt the user upon first-time run / configuration and store the passwords securely.

## Registering an application
For accounting purposes, each request must correspond to a registered application. 
To obtain your `client_id` and `client_secret`, register an application at `https://<host>/developer/api/applications`
![title](applicationsecrets.PNG)

Once you have registered your application, change the variables below to reflect *your* information.

In [57]:
host = '10.8.0.4' # Change to your development machine
username = 'hubzerosolr' # Your username
password = 'hubzero123' # Your password
client_id = 'a5f0947875a2960ba10cbf9fc2e2afdf' # Change me
client_secret = '71e07c1e2aa1ae084af6409c6baafc693b6f375e' # Change me

We will now use the `requests` Python library to make a POST request to your hosts to obtain a token using your username and password. The access token will be stored in the `access_token` variable for later use.

In [58]:
import requests
import json
r = requests.post('https://' + host + '/developer/oauth/token', data = {
    'client_id':client_id,
    'client_secret':client_secret,
    'username':username,
    'password':password,
    'grant_type':'password'}, verify=False)
r.status_code
response = r.json()
access_token = response['access_token']
print access_token



9135688374f83449c4da756e69bd3d2da2a6c0c7


Now that we have an access token, we must place it in the header for any priveleged requests we want to make. This can be accopmlished by making a dictionary with the key `Authorization` and the value of `Bearer <access_token>`. Notice there is a <space> between 'Bearer' and the token.

This request will access the HUBzero Members API endpoint and list members of the Hub formatted as a JSON blob.

In [59]:
headers = {'Authorization': 'Bearer ' + access_token}
r = requests.get('https://' + host + '/api/members/list', headers=headers, verify=False)
members = r.json()['members']
print members



[{u'username': u'admin', u'surname': u'Manager', u'name': u'CMS Manager', u'middleName': u'', u'uri': u'https://10.8.0.4/members/1000', u'organization': None, u'givenName': u'CMS', u'id': u'1000'}, {u'username': u'hubzerosolr', u'surname': u'Solr', u'name': u'HUBzero Solr', u'middleName': u'', u'uri': u'https://10.8.0.4/members/1001', u'organization': None, u'givenName': u'HUBzero', u'id': u'1001'}]


If you wanted to iterate over elements of that blob (something common in web development), you might do something like this:

In [60]:
for member in members:
    print member['name']

CMS Manager
HUBzero Solr


You made your first password-authenticated API request! That wasn't so hard was it? The HUBzero Web Develoment Team is hard at work in planning and writing version 2.0 of the API. We hope to standardize the expected values and methods of the API. Stay tuned for more information. In the meantime, you n use the current version of the API. The endpoints are documented at https://hubzero.org/developer/api/docs