eBay OAuth (Connect eBay Account) for full trust scores #2

Closed
opened 2026-03-26 15:05:48 -07:00 by pyr0ball · 0 comments
Owner

Problem

eBay Browse API returns only 3 seller fields (username, feedbackScore, feedbackPercentage). registrationDate and feedbackByCategory require a User Access Token (OAuth Authorization Code flow) via Trading API GetUser. App-level Bearer tokens are rejected.

Current workaround: Playwright BTF scraping + Shopping API (rate-limited). Both are slow or quota-constrained.

Implementation

All 6 tasks shipped as of 2026-04-17.

What was built

cf-core: circuitforge_core/platforms/ebay/oauth.py

  • EbayUserTokenManager — Authorization Code flow: get_authorization_url(), exchange_code(), refresh()
  • EbayUserTokens dataclass
  • Stored in cf-core so Falcon/Osprey can reuse when they also need platform OAuth

Snipe API (api/main.py)

  • GET /api/ebay/connect — returns eBay auth URL (paid tier gate)
  • GET /api/ebay/callback — exchanges code, stores tokens, redirects to /settings?ebay_connected=1
  • GET /api/ebay/status — returns {connected, oauth_available, access_token_expired, scopes}
  • DELETE /api/ebay/disconnect — removes stored tokens
  • Token storage: per-user SQLite DB via migration 013

eBay adapter (app/platforms/ebay/adapter.py)

  • enrich_seller_trading_api(username, user_access_token) — XML Trading API GetUser call, parses RegistrationDate, updates account_age_days in store

Search flow integration

  • _try_trading_api_enrichment() runs synchronously in the search handler before BTF background thread
  • Auto-refreshes access token if within 60s of expiry
  • Sellers resolved by Trading API are excluded from the BTF Playwright pass via skip_seller_ids
  • Trust scores in the initial response already reflect Trading API data (no SSE update needed)

Settings UI (web/src/views/SettingsView.vue)

  • "eBay Account" section (hidden if EBAY_RUNAME not configured or user not signed in)
  • Connected: green dot, description, Reconnect (if expired) + Disconnect buttons
  • Not connected (paid+): Connect button
  • Not connected (free): upsell copy
  • Handles ?ebay_connected=1 / ?ebay_error= redirect params from OAuth callback

.env.example — step-by-step EBAY_RUNAME + EBAY_OAUTH_REDIRECT_URI setup instructions

Prerequisites for activation

  1. eBay developer console: register a RuName with callback URL pointing to /api/ebay/callback
  2. Set EBAY_RUNAME and EBAY_OAUTH_REDIRECT_URI in .env (see .env.example)
  3. Callback URL must be HTTPS and publicly reachable
## Problem eBay Browse API returns only 3 seller fields (`username`, `feedbackScore`, `feedbackPercentage`). `registrationDate` and `feedbackByCategory` require a **User Access Token** (OAuth Authorization Code flow) via Trading API `GetUser`. App-level Bearer tokens are rejected. **Current workaround:** Playwright BTF scraping + Shopping API (rate-limited). Both are slow or quota-constrained. ## Implementation All 6 tasks shipped as of 2026-04-17. ### What was built **cf-core: `circuitforge_core/platforms/ebay/oauth.py`** - `EbayUserTokenManager` — Authorization Code flow: `get_authorization_url()`, `exchange_code()`, `refresh()` - `EbayUserTokens` dataclass - Stored in cf-core so Falcon/Osprey can reuse when they also need platform OAuth **Snipe API (`api/main.py`)** - `GET /api/ebay/connect` — returns eBay auth URL (paid tier gate) - `GET /api/ebay/callback` — exchanges code, stores tokens, redirects to `/settings?ebay_connected=1` - `GET /api/ebay/status` — returns `{connected, oauth_available, access_token_expired, scopes}` - `DELETE /api/ebay/disconnect` — removes stored tokens - Token storage: per-user SQLite DB via migration 013 **eBay adapter (`app/platforms/ebay/adapter.py`)** - `enrich_seller_trading_api(username, user_access_token)` — XML Trading API `GetUser` call, parses `RegistrationDate`, updates `account_age_days` in store **Search flow integration** - `_try_trading_api_enrichment()` runs synchronously in the search handler before BTF background thread - Auto-refreshes access token if within 60s of expiry - Sellers resolved by Trading API are excluded from the BTF Playwright pass via `skip_seller_ids` - Trust scores in the initial response already reflect Trading API data (no SSE update needed) **Settings UI (`web/src/views/SettingsView.vue`)** - "eBay Account" section (hidden if EBAY_RUNAME not configured or user not signed in) - Connected: green dot, description, Reconnect (if expired) + Disconnect buttons - Not connected (paid+): Connect button - Not connected (free): upsell copy - Handles `?ebay_connected=1` / `?ebay_error=` redirect params from OAuth callback **`.env.example`** — step-by-step `EBAY_RUNAME` + `EBAY_OAUTH_REDIRECT_URI` setup instructions ## Prerequisites for activation 1. eBay developer console: register a RuName with callback URL pointing to `/api/ebay/callback` 2. Set `EBAY_RUNAME` and `EBAY_OAUTH_REDIRECT_URI` in `.env` (see `.env.example`) 3. Callback URL must be HTTPS and publicly reachable
pyr0ball added this to the Public Launch milestone 2026-04-04 16:33:19 -07:00
pyr0ball added the
backlog
feature
paid-tier
labels 2026-04-05 21:54:32 -07:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Circuit-Forge/snipe#2
No description provided.