Services/F1/Server/API: Difference between revisions

no edit summary
Line 1: Line 1:
== '''Share Server API'''  ==
== '''Share Server API'''  ==


Status: brain dump
Status: brain dump  
 
===  ===


=== Security  ===
=== Security  ===
Line 17: Line 15:
Initiates the OAuth dance for a given OAuth provider. The browser will be redirected to the OAuth endpoint for the service, providing a return url pointing to the verify endpoint described below.  
Initiates the OAuth dance for a given OAuth provider. The browser will be redirected to the OAuth endpoint for the service, providing a return url pointing to the verify endpoint described below.  


Post Data:  
'''Post Data:'''


domain: google.com  
domain: google.com  


Success Result  
'''Success Result'''


Upon a successful authorization the OAuth providers redirect back to the verify endpoint, using GET or POST depending on the service implementation.  
Upon a successful authorization the OAuth providers redirect back to the verify endpoint, using GET or POST depending on the service implementation.  


Error Result  
'''Error Result'''


If the user cancels the authorization, we cannot depend upon a redirect back to the f1 server; some services do, others do not.  
If the user cancels the authorization, we cannot depend upon a redirect back to the f1 server; some services do, others do not.  
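
Review bot: under '''Error Result''' the text says a cancelled authorization cannot be relied on to redirect back to the f1 server, but nothing here tells the client how to detect or recover from that case. Add a sentence describing the expected client behaviour when no redirect arrives (for example, a timeout on the authorization window that returns the user to the configured error url). On style, the bolded labels act as sub-headings; a definition-list term (";Post Data") or a lower heading level would give the same layout with real structure.
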
Line 32: Line 30:


For a successful authorization, the verify endpoint will create a temporary cookie (account_tokens) to pass the users OAuth tokens back to the client. The client MUST delete this cookie after retrieving the account data. This account data also contains a POCO formatted profile object for the user that is retrieved from that service. The endpoint then redirects to the configured success or error url.  
For a successful authorization, the verify endpoint will create a temporary cookie (account_tokens) to pass the users OAuth tokens back to the client. The client MUST delete this cookie after retrieving the account data. This account data also contains a POCO formatted profile object for the user that is retrieved from that service. The endpoint then redirects to the configured success or error url.  
Example cookie data:
{
"username": "mozmotest",
"profile": {
  "displayName": "Shane Carav\u0119o",
  "providerName": "Twitter",
  "photos": [{
      "type": "profile",
      "value": "url to image"}],
  "accounts": [{
      "username": "mytestaccount",
      "domain": "twitter.com",
      "userid": 1234567890}],
  "published": "Thu Sep 02 19:53:53 +0000 2010",
  "identifier": "http://twitter.com/?id=1234567890"},
"domain": "twitter.com",
"oauth_token_secret": "My Super Secret OAuth Token",
"userid": "1234567890",
"updated": "2011-03-18T14:03:58.742713",
"oauth_token": "My less than secret OAuth token",
"key": "3e464104-51a3-11e0-9b46-d49a200eaa62"
}


=== OAuth APIs  ===
=== OAuth APIs  ===


All APIs require POST and part of the post data must be the account object that was received via the account_tokens cookie (see the verify endpoint above).
All APIs require POST and part of the post data must be the account object that was received via the account_tokens cookie (see the verify endpoint above).
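
Review bot: the new "Example cookie data" shows "oauth_token_secret" travelling in the account_tokens cookie next to "oauth_token", yet the paragraph above it only calls the cookie "temporary" and relies on the client to delete it. Next to the example, state the cookie's lifetime and scope (expiry, path, whether it is restricted to HTTPS) and what happens if the client never deletes it, since every request to the server in that window carries the token secret. The "key" and "updated" fields in the example are not explained anywhere in the visible text, so a one-line description of each would help. Wrapping the JSON in <pre> and separating it from the preceding paragraph with a blank line would keep it rendering as a block.
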