OAuth 1.0a flow functions for the Discogs API.
This module handles the OAuth handshake — requesting temporary tokens,
generating authorization URLs, and exchanging verifiers for permanent
credentials. For building auth values to pass to API functions, see
ExDisco.Auth.Authorization.
OAuth 1.0a Flow
Step 1: Get Consumer Credentials
Register your application at https://www.discogs.com/settings/developers to obtain consumer_key and consumer_secret. Store these in your config:
config :ex_disco, ExDisco,
consumer_key: "your_consumer_key",
consumer_secret: "your_consumer_secret"Step 2: Request a Temporary Token
When a user logs in, request a temporary token that directs them to Discogs:
{:ok, request_token} = ExDisco.Auth.request_token("https://yourapp.com/callback")Store the request_token temporarily (it's short-lived).
Step 3: Redirect User to Authorization
Direct the user to Discogs with:
url = ExDisco.Auth.authorize_url(request_token)
# Redirect user to this URLDiscogs returns them to your callback URL with an oauth_verifier parameter.
Step 4: Exchange for Long-Lived Credentials
Use the verifier to get an Authorization struct:
{:ok, auth} = ExDisco.Auth.access_token(request_token, verifier)
# Store auth.credentials for the userStep 5: Make Authenticated Requests
Pass the returned Authorization directly to API functions:
{:ok, auth} = ExDisco.Auth.access_token(request_token, verifier)
auth
|> ExDisco.Users.get_identity()Summary
Functions
Exchanges a verifier for permanent OAuth credentials using configured credentials.
Exchanges a verifier for permanent OAuth credentials using explicit credentials.
Generates the URL to redirect the user to for authorization.
Requests a temporary OAuth token using configured consumer credentials.
Requests a temporary OAuth token using explicit consumer credentials.
Functions
@spec access_token(ExDisco.Auth.RequestToken.t(), String.t()) :: {:ok, ExDisco.Auth.Authorization.t()} | {:error, ExDisco.Error.t()}
Exchanges a verifier for permanent OAuth credentials using configured credentials.
This is Step 4 of the OAuth flow. After the user approves your app on Discogs and is redirected back to your callback URL, you'll receive an oauth_verifier. Use this function to exchange it for long-lived credentials.
Store the returned credentials (token and token_secret) for the user so you can make authenticated requests on their behalf.
Examples
iex> req_token = %ExDisco.Auth.RequestToken{oauth_token: "...", oauth_token_secret: "..."}
iex> ExDisco.Auth.access_token(req_token, "verifier_from_discogs")
{:ok, %ExDisco.Auth.Authorization{type: :oauth, ...}}@spec access_token(String.t(), String.t(), String.t(), String.t(), String.t()) :: {:ok, ExDisco.Auth.Authorization.t()} | {:error, ExDisco.Error.t()}
Exchanges a verifier for permanent OAuth credentials using explicit credentials.
Same as access_token/2 but accepts credentials directly instead of reading from config. Use when your consumer credentials are not in config.
Examples
iex> ExDisco.Auth.access_token("key", "secret", "req_token", "req_secret", "verifier")
{:ok, %ExDisco.Auth.Authorization{type: :oauth, ...}}@spec authorize_url(String.t() | ExDisco.Auth.RequestToken.t()) :: String.t()
Generates the URL to redirect the user to for authorization.
This is Step 2 of the OAuth flow. Redirect the user to this URL so they can approve your app. After approval, Discogs redirects them back to your callback URL with an oauth_verifier parameter.
Can accept either a RequestToken struct or a raw oauth_token string.
Examples
iex> token = %ExDisco.Auth.RequestToken{oauth_token: "temp_token"}
iex> url = ExDisco.Auth.authorize_url(token)
iex> String.starts_with?(url, "https://www.discogs.com/oauth/authorize")
true
iex> url = ExDisco.Auth.authorize_url("temp_token")
iex> String.contains?(url, "oauth_token=temp_token")
true@spec request_token(String.t()) :: {:ok, ExDisco.Auth.RequestToken.t()} | {:error, ExDisco.Error.t()}
Requests a temporary OAuth token using configured consumer credentials.
The callback_url is where Discogs will redirect the user after they authorize your app. This is Step 1 of the OAuth flow.
Examples
iex> ExDisco.Auth.request_token("https://myapp.com/auth/callback")
{:ok, %ExDisco.Auth.RequestToken{...}}@spec request_token(String.t(), String.t(), String.t()) :: {:ok, ExDisco.Auth.RequestToken.t()} | {:error, ExDisco.Error.t()}
Requests a temporary OAuth token using explicit consumer credentials.
Use this if your consumer credentials are not in config. Same as request_token/1 but accepts credentials directly instead of reading from config.
Examples
iex> ExDisco.Auth.request_token("key", "secret", "https://myapp.com/auth/callback")
{:ok, %ExDisco.Auth.RequestToken{...}}