Mixedpuppy (talk | contribs) No edit summary |
Mixedpuppy (talk | contribs) No edit summary |
Line 1: | Line 1: | ||
== '''Share Server API''' == | == '''Share Server API''' == | ||
Status: brain dump | Status: brain dump | ||
=== Security === | === Security === | ||
Line 17: | Line 15: | ||
Initiates the OAuth dance for a given OAuth provider. The browser will be redirected to the OAuth endpoint for the service, providing a return url pointing to the verify endpoint described below. | Initiates the OAuth dance for a given OAuth provider. The browser will be redirected to the OAuth endpoint for the service, providing a return url pointing to the verify endpoint described below. | ||
Post Data: | '''Post Data:''' | ||
domain: google.com | domain: google.com | ||
Success Result | '''Success Result''' | ||
Upon a successful authorization the OAuth providers redirect back to the verify endpoint, using GET or POST depending on the service implementation. | Upon a successful authorization the OAuth providers redirect back to the verify endpoint, using GET or POST depending on the service implementation. | ||
Error Result | '''Error Result''' | ||
If the user cancels the authorization, we cannot depend upon a redirect back to the f1 server; some services do, others do not. | If the user cancels the authorization, we cannot depend upon a redirect back to the f1 server; some services do, others do not. | ||
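Review bot: The Error Result paragraph at the end of this hunk says a redirect back to the f1 server cannot be relied on when the user cancels, but it stops there, so the client's behaviour in that case is left undefined. Suggest stating how the client is expected to notice an abandoned authorization and what it should then present to the user. The bolding of the Post Data, Success Result and Error Result labels is fine as it stands.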
Line 32: | Line 30: | ||
For a successful authorization, the verify endpoint will create a temporary cookie (account_tokens) to pass the users OAuth tokens back to the client. The client MUST delete this cookie after retrieving the account data. This account data also contains a POCO formatted profile object for the user that is retrieved from that service. The endpoint then redirects to the configured success or error url. | For a successful authorization, the verify endpoint will create a temporary cookie (account_tokens) to pass the users OAuth tokens back to the client. The client MUST delete this cookie after retrieving the account data. This account data also contains a POCO formatted profile object for the user that is retrieved from that service. The endpoint then redirects to the configured success or error url. | ||
Example cookie data: | |||
{ | |||
"username": "mozmotest", | |||
"profile": { | |||
"displayName": "Shane Carav\u0119o", | |||
"providerName": "Twitter", | |||
"photos": [{ | |||
"type": "profile", | |||
"value": "url to image"}], | |||
"accounts": [{ | |||
"username": "mytestaccount", | |||
"domain": "twitter.com", | |||
"userid": 1234567890}], | |||
"published": "Thu Sep 02 19:53:53 +0000 2010", | |||
"identifier": "http://twitter.com/?id=1234567890"}, | |||
"domain": "twitter.com", | |||
"oauth_token_secret": "My Super Secret OAuth Token", | |||
"userid": "1234567890", | |||
"updated": "2011-03-18T14:03:58.742713", | |||
"oauth_token": "My less than secret OAuth token", | |||
"key": "3e464104-51a3-11e0-9b46-d49a200eaa62" | |||
} | |||
=== OAuth APIs === | === OAuth APIs === | ||
All APIs require POST and part of the post data must be the account object that was received via the account_tokens cookie (see the verify endpoint above). | All APIs require POST and part of the post data must be the account object that was received via the account_tokens cookie (see the verify endpoint above). |
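Review bot: Removing the "Example cookie data" block (present only in the left-hand, older column) leaves the account object undocumented, while the OAuth APIs paragraph that follows requires that object in every POST. Suggest keeping a field list with placeholder values, or pointing to wherever the example now lives. The account_tokens paragraph also relies only on "The client MUST delete this cookie" to limit how long oauth_token and oauth_token_secret sit in the browser. It would help to document the lifetime and scope the verify endpoint sets on that cookie, so a client that fails to delete it does not keep the tokens around.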