in Geo

Fireeagle IRC bot / OAuth / Dopplr

I noticed people in #geo playing with a fireeagle bot earlier, so I had to try too.

danbri: fireup, help?
[13:29] fireeagle: danbri: I have just sent you a URL in privmsg, please click on it to authorize.

[time passes... things happen behind the scenes...]

[13:31] danbri: fireup Leiden, Netherlands
[13:31] fireeagle: Updating danbri to Leiden, Nederland
[13:32] • danbri gives fireeagle a botsnack

Behind the scenes, the bot passed me an URL:

fireeagle: Try Again! You must authorize first: https://fireeagle.yahoo.net/oauth/authorize?oauth_token=XYZABCD

And clicking this took me off into the Fireeagle Web UI, where I had to reconfirm my membership (3 months had lapsed; it times out if you don’t show signs of life). Then I had to give the IRC bot permission to access my Fireeagle data, and finally it send me to a duff return URL,

http://0.0.0.0:3000/dummy_app/callback?name=Honking+Fun&oauth_token=XYZABCD

…which is understandable-ish given that IRC bots aren’t normal Web apps, though I wonder if an IRC URI would be allowed per the OAuth spec. I know there is work on wiring XMPP and OAuth together, after all.

So now Fireeagle and downstream apps (eg. the MacOSX widget pictured here) can learn about my location when I tell this IRC bot where I am.

So logged into Fireeagle Web site now I read:

Fire Eagle last spotted you about 1 hour ago in Leiden, Nederland using Fire Eagle GeoIRC bot. If you’ve gone somewhere else, then you should update your location!

And here’s the corresponding MacOSX widget:

 Fireeagle widget

Since I don’t use nickserv on the OFTC IRC network, this means anyone logged in there as ‘danbri’ can set my location data at Fireeagle. But at least they can’t add Facebook buddies, read my private email or ‘your password has been reset’ messages. And if they do, Fireeagle lets me revoke this token without messing up anything else.

Now, how to convince Dopplr to believe what it oauth-reads at Fireeagle? Logging into Dopplr by OpenID (hurrah :), I read the following falsehood:

…and when I try to tell it I’m actually in the Netherlands for a few days, and that my June 17th Dopplr journal entry “You returned from a trip to Guadalajara.” wasn’t a return to Bristol, it gets stuck: “Sorry, we couldn’t add that trip: You need a return date“. On closer inspection this seems to be my error; Dopplr has a new facility for multi-stop trips and if I’d added a Leiden stage to this last trip before it seemingly finished, Dopplr, Fireeagle and the IRC bot would be in agreement about my location.

So what’s so interesting about all this? Partly that OAuth provides a reasonable and deployable model for wiring up data pipes between socially oriented Web sites (and with some provisos, non-Web UI too), so that each can specialise in some task or domain. But also that, when the specialities of these sites and services do overlap, we’ll get into the business of conflict resolution amongst competing claims. When Dopplr reads that Fireeagle thinks I’m in Leiden, despite the last trip it knows about supposedly returning me to Bristol on the 17th, what should it do? Perhaps update its own state to a “well nobody told me, but it seems he’s in the netherlands” position?

ps. Fireeagle remains invite-only, and I don’t have any invites. Sorry about that, for those who haven’t tried it yet. There are some screenshots and a writeup at TechCrunch at least. Basically it’s an information broker for your location data, with data access mediated largely through OAuth REST APIs. For those with an invite, the developer docs have more detail than I’ve yet managed to digest.

Add Comment Register