### Authentication

Authentication is about validating your credentials such as Username/User ID and password to verify your identity. The system then checks whether you are what you say you are using your credentials. Whether in public or private networks, the system authenticates the user identity through login passwords. Usually authentication is done by a username and password, although there are other various ways to be authenticated.

### Authorization

Authorization occurs after your identity is successfully authenticated by the system, which therefore gives you full access to resources such as information, files, databases, funds, etc. However authorization verifies your rights to grant you access to resources only after determining your ability to access the system and up to what extent. In other words, authorization is the process to determine whether the authenticated user has access to the particular resources. A good example of this is, once verifying and confirming employee ID and passwords through authentication, the next step would be determining which employee has access to which floor and that is done through authorization.

source: https://medium.com/datadriveninvestor/authentication-vs-authorization-716fea914d55

In [1]:
# https://api.github.com/user

%run secretsGithub.ipynb
%run secretsReddit.ipynb
# https://developer.github.com/v3/users/#get-the-authenticated-user
import requests
import json
from requests.auth import HTTPBasicAuth
a = requests.get("https://api.github.com/user")

In [2]:
a.status_code # returns 401: Authentication (error message": "Requires authentication")

401

In [3]:
a = requests.get("https://api.github.com/user", auth = HTTPBasicAuth(github_id, github_password))
print(a.status_code)

200


In [4]:
a = requests.get("https://api.github.com/user", auth = (github_id, github_password))

print(a.status_code)

200


In [5]:
# Attempting to create a repository


info = {'name' : 'New_repo', 'description' : 'created via API call', 'auto_init' : 'true'}

a = requests.post('https://api.github.com/user/repos', auth = (github_id, github_password), data = json.dumps(info))

In [6]:
a.status_code

422

### What is oAuth?

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.

### Car-Vallet Analogy

An OAuth token is like that valet key. As a user, you get to tell the consumers what they can use and what they can’t use from each service provider. You can give each consumer a different **valet key**. They never have the full key or any of the private data that gives them access to the full key.

Source: https://www.varonis.com/blog/what-is-oauth/

<img src="oAuthEg1.png" width="500" height="500" align="center"/>

### oAuth Roles

<img src="oAuthroles1.png" width="500" height="500" align="center"/>

### Facebook Authentication Process

<img src="fbAuthProcess.png" width="500" height="500" align="center"/>

### Reddit Authentication

Reddit API page: https://www.reddit.com/dev/api/

Documentation: https://github.com/reddit-archive/reddit/wiki/API

In [7]:
data = {"client_id" : reddit_ClientID, "response_type": 'code',
       "state" : 'random_123', "redirect_uri" : "https://www.google.com/",
       "scope" : "read"}

response = requests.get('https://www.reddit.com/api/v1/authorize',  params = data)
print(response.url)

https://www.reddit.com/api/v1/authorize?client_id=8jGfPVnQYA72Rw&response_type=code&state=random_123&redirect_uri=https%3A%2F%2Fwww.google.com%2F&scope=read


In [8]:
data = {"grant_type" : 'authorization_code',
       'code' : 'nHplE67yrNC285Tiz6zOg_oQ2Ng',
       'redirect_uri' : "https://www.google.com/"}

r = requests.post('https://www.reddit.com/api/v1/access_token',
                 data = data, auth = (reddit_ClientID, reddit_Client_Secret),
                 headers = {'User-Agent' : 'Siddharth'})

print(r.text)

{"access_token": "48465820-daO1LH26hH3LyukNvJnboOZJ2Us", "token_type": "bearer", "expires_in": 3600, "scope": "read"}


In [9]:
h = {'User-Agent' : 'Siddharth', "Authorization" : 'bearer 48465820-daO1LH26hH3LyukNvJnboOZJ2Us' }

r = requests.get('https://oauth.reddit.com/hot', headers = h)
data = r.json()
# print(json.dumps(data, indent = 4))

In [10]:
# Print title of every post (data -> children - > list)

posts = data['data']['children']
print(len(posts))
# print(print(json.dumps(posts, indent = 4)))

25


In [11]:
for p in posts:
    print(p['data']['subreddit'])
    print(p['data']['title'], '-', p['data']['author'])
    print(p['data']['url'])
    print("=========")

worldnews
Microsoft Japan’s experiment with a 3-day weekend boosts worker productivity by 40%. - Hoosier_Jedi
https://soranews24.com/2019/11/03/microsoft-japans-experiment-with-3-day-weekend-boosts-worker-productivity-by-40-percent/
space
Closeup photograph I shot of yesterday’s Antares rocket launch delivering cargo to the International Space Station - johnkphotos
https://i.redd.it/irpgqmm41hw31.png
instant_regret
Going for the big jump - Fergusan78b
https://i.imgur.com/nqsSgzy.gif
science
Scientists replaced 40 percent of cement with rice husk cinder, limestone crushing waste, and silica sand, giving concrete a rubber-like quality, six to nine times more crack-resistant than regular concrete. It self-seals, replaces cement with plentiful waste products, and should be cheaper to use. - mvea
https://newatlas.com/materials/rubbery-crack-resistant-cement/
todayilearned
TIL that there has been a boat/barge trapped in the rapids above Niagara Falls for over 100 years - BlueHarvestJ
https:/

In [12]:
h = {'User-Agent' : 'Siddharth', "Authorization" : 'bearer 48465820-daO1LH26hH3LyukNvJnboOZJ2Us' }

r = requests.get('https://oauth.reddit.com/r/reddevils/hot', headers = h)
data = r.json()
#print(json.dumps(data, indent = 4))

In [13]:
posts = data['data']['children']
for p in posts:
    print(p['data']['title'], '-', p['data']['author'])
    #print(p['data']['selftext'])
    print(p['data']['url'])
    print("=========")

[Post Match Thread] Bournemouth 1 - 0 Manchester Utd - DatGuyRich
https://www.reddit.com/r/reddevils/comments/dqkt7f/post_match_thread_bournemouth_1_0_manchester_utd/
United Women XI vs Everton (Continental Cup): Earps, A.Turner, McManus, M.Turner, Harris, Ladd, Zelem (c), Groenen, Hanson, James, Galton - ThePun-dit
https://twitter.com/ManUtdWomen/status/1190955570976772102
[r/reddevils Player of The Month] October: Aaron Wan-Bissaka - jonwinslol
https://i.redd.it/k60now3v5hw31.png
Pogba: I'm disgusted , To see the team lose without being able to play is the worst. It's not easy to see my teammates go to training or on the field, but I have to take the time to come back. " - Anirudh707
https://rmcsport.bfmtv.com/football/manchester-united-paul-pogba-degoute-apres-la-defaite-a-bournemouth-1798453.html?fbclid=IwAR17rOpKtVGemJqKPvUGQoQMedLJyn9TB2-JB2tzZ3-it-8dmQBEtBV-6Ec
Unpopular opinion - This season is the right time to expose our quality of the squad, especially for squad player - Dea

In [14]:
# We can restrict number of post by using limit parameter

In [15]:
# See if a username is available
h = {'User-Agent' : 'Siddharth', "Authorization" : 'bearer 48465820-daO1LH26hH3LyukNvJnboOZJ2Us' }

r = requests.get('https://oauth.reddit.com/api/username_available',
                 headers = h, params = {'user' : 'sid21g' } )
data = r.json()
data

False