eBay OAuth (Connect eBay Account) for full trust scores #2

New issue

Closed

opened 2026-03-26 15:05:48 -07:00 by pyr0ball · 0 comments

pyr0ball commented

2026-03-26 15:05:48 -07:00

Owner

Problem

eBay Browse API returns only 3 seller fields (username, feedbackScore, feedbackPercentage). registrationDate and feedbackByCategory require a User Access Token (OAuth Authorization Code flow) via Trading API GetUser. App-level Bearer tokens are rejected.

Current workaround: Playwright BTF scraping + Shopping API (rate-limited). Both are slow or quota-constrained.

Implementation

All 6 tasks shipped as of 2026-04-17.

What was built

cf-core: circuitforge_core/platforms/ebay/oauth.py

EbayUserTokenManager — Authorization Code flow: get_authorization_url(), exchange_code(), refresh()
EbayUserTokens dataclass
Stored in cf-core so Falcon/Osprey can reuse when they also need platform OAuth

Snipe API (api/main.py)

GET /api/ebay/connect — returns eBay auth URL (paid tier gate)
GET /api/ebay/callback — exchanges code, stores tokens, redirects to /settings?ebay_connected=1
GET /api/ebay/status — returns {connected, oauth_available, access_token_expired, scopes}
DELETE /api/ebay/disconnect — removes stored tokens
Token storage: per-user SQLite DB via migration 013

eBay adapter (app/platforms/ebay/adapter.py)

enrich_seller_trading_api(username, user_access_token) — XML Trading API GetUser call, parses RegistrationDate, updates account_age_days in store

Search flow integration

_try_trading_api_enrichment() runs synchronously in the search handler before BTF background thread
Auto-refreshes access token if within 60s of expiry
Sellers resolved by Trading API are excluded from the BTF Playwright pass via skip_seller_ids
Trust scores in the initial response already reflect Trading API data (no SSE update needed)

Settings UI (web/src/views/SettingsView.vue)

"eBay Account" section (hidden if EBAY_RUNAME not configured or user not signed in)
Connected: green dot, description, Reconnect (if expired) + Disconnect buttons
Not connected (paid+): Connect button
Not connected (free): upsell copy
Handles ?ebay_connected=1 / ?ebay_error= redirect params from OAuth callback

.env.example — step-by-step EBAY_RUNAME + EBAY_OAUTH_REDIRECT_URI setup instructions

Prerequisites for activation

eBay developer console: register a RuName with callback URL pointing to /api/ebay/callback
Set EBAY_RUNAME and EBAY_OAUTH_REDIRECT_URI in .env (see .env.example)
Callback URL must be HTTPS and publicly reachable

## Problem eBay Browse API returns only 3 seller fields (`username`, `feedbackScore`, `feedbackPercentage`). `registrationDate` and `feedbackByCategory` require a **User Access Token** (OAuth Authorization Code flow) via Trading API `GetUser`. App-level Bearer tokens are rejected. **Current workaround:** Playwright BTF scraping + Shopping API (rate-limited). Both are slow or quota-constrained. ## Implementation All 6 tasks shipped as of 2026-04-17. ### What was built **cf-core: `circuitforge_core/platforms/ebay/oauth.py`** - `EbayUserTokenManager` — Authorization Code flow: `get_authorization_url()`, `exchange_code()`, `refresh()` - `EbayUserTokens` dataclass - Stored in cf-core so Falcon/Osprey can reuse when they also need platform OAuth **Snipe API (`api/main.py`)** - `GET /api/ebay/connect` — returns eBay auth URL (paid tier gate) - `GET /api/ebay/callback` — exchanges code, stores tokens, redirects to `/settings?ebay_connected=1` - `GET /api/ebay/status` — returns `{connected, oauth_available, access_token_expired, scopes}` - `DELETE /api/ebay/disconnect` — removes stored tokens - Token storage: per-user SQLite DB via migration 013 **eBay adapter (`app/platforms/ebay/adapter.py`)** - `enrich_seller_trading_api(username, user_access_token)` — XML Trading API `GetUser` call, parses `RegistrationDate`, updates `account_age_days` in store **Search flow integration** - `_try_trading_api_enrichment()` runs synchronously in the search handler before BTF background thread - Auto-refreshes access token if within 60s of expiry - Sellers resolved by Trading API are excluded from the BTF Playwright pass via `skip_seller_ids` - Trust scores in the initial response already reflect Trading API data (no SSE update needed) **Settings UI (`web/src/views/SettingsView.vue`)** - "eBay Account" section (hidden if EBAY_RUNAME not configured or user not signed in) - Connected: green dot, description, Reconnect (if expired) + Disconnect buttons - Not connected (paid+): Connect button - Not connected (free): upsell copy - Handles `?ebay_connected=1` / `?ebay_error=` redirect params from OAuth callback **`.env.example`** — step-by-step `EBAY_RUNAME` + `EBAY_OAUTH_REDIRECT_URI` setup instructions ## Prerequisites for activation 1. eBay developer console: register a RuName with callback URL pointing to `/api/ebay/callback` 2. Set `EBAY_RUNAME` and `EBAY_OAUTH_REDIRECT_URI` in `.env` (see `.env.example`) 3. Callback URL must be HTTPS and publicly reachable