Feature Request: Automatic Authorization via Callback URL with Verification Code

[danchev]

The E-Trade Developer Guide mentions support for automatic authorization using a callback URL.
It would be great if pyetrade natively supported this functionality, enabling seamless authentication without manual input of the verification code.

Ref:

Callbacks
As mentioned above, when the user authorizes the application, the ETRADE website generates a verification code that must be passed to the application. One approach is for the user to simply copy the code and paste it into the application. A much better solution is for ETRADE to automatically redirect the user back to the application, using a callback URL with the verification code added as a query parameter, as shown in these example URLs:

https://myapplicationsite.com/mytradingapp?oauth_verifier=WXYZ89
https://myapplicationsite.com?myapp=trading&oauth_verifier=WXYZ89

Configuring a callback

Using a callback requires that the callback URL be associated with your consumer key in the ETRADE system. To request this, log in to your ETRADE account and send a secure message to Customer Service. Select the subject "Technical Issues" and the topic "E*TRADE API". State that you would like to have a callback configured, and specify your consumer key and the desired callback URL. Your callback URL can be just a simple address, or can also include query parameters.

Once the callback is configured, two system behaviors are changed:

The oauth_callback_confirmed property of the request_token API returns TRUE to show that there is a callback URL associated with the consumer key.

Users who approve the authorization request are automatically redirected to the callback URL, with the verification code appended as a query parameter (as shown in the example URLs above).

[Robert-Zacchigna]

I don't know how i missed this, i read through nearly all of etrades docs. I'll have to put in the request.

The current implementation of the authorization part of the module does allow for a callback_url (it just defaults to "oob").

pyetrade/pyetrade/authorization.py

Lines 27 to 39 in adff0ee

	def __init__(
	self, consumer_key: str, consumer_secret: str, callback_url: str = "oob"
	):
	self.consumer_key = consumer_key
	self.consumer_secret = consumer_secret
	self.base_url_prod = r"https://api.etrade.com"
	self.base_url_dev = r"https://apisb.etrade.com"
	self.req_token_url = r"https://api.etrade.com/oauth/request_token"
	self.auth_token_url = r"https://us.etrade.com/e/t/etws/authorize"
	self.access_token_url = r"https://api.etrade.com/oauth/access_token"
	self.callback_url = callback_url
	self.access_token = None
	self.resource_owner_key = None

I don't have a callback_url to test it with and looking at the current implementation, it doesn't look like the get_request_token function will return the redirected callback_url since the function is formatting everything for the standard token request method instead.

pyetrade/pyetrade/authorization.py

Lines 50 to 72 in adff0ee

	# Set up session
	self.session = OAuth1Session(
	self.consumer_key,
	self.consumer_secret,
	callback_uri=self.callback_url,
	signature_type="AUTH_HEADER",
	)
	# get request token
	self.session.fetch_request_token(self.req_token_url)
	# get authorization url
	# etrade format: url?key&token
	authorization_url = self.session.authorization_url(self.auth_token_url)
	akey = self.session.parse_authorization_response(authorization_url)
	# store oauth_token
	self.resource_owner_key = akey["oauth_token"]
	formated_auth_url = "%s?key=%s&token=%s" % (
	self.auth_token_url,
	self.consumer_key,
	akey["oauth_token"],
	)
	LOGGER.debug(formated_auth_url)
	return formated_auth_url

I would guess that we would first need to check if the user specifies a callback_url in the init of ETradeOAuth and if so, return the auto redirected callback_url instead of the formatted token request URL (else return the formatted token request URL).

If you have a callback_url, can you test the function as is and report back what happens?

[danchev]

If you have a callback_url, can you test the function as is and report back what happens?

Unfortunately, I don't have a callback_url either. I'll reach out to E-Trade to request one and will provide an update as soon as I receive it.