Commit 9dab5f9f authored by Pierre Guilleminot, committed by GitHub

Merge pull request #582 from aenario/oauthdoc

Fix Oauth docs with actual implementation
parents 4a52ca7e 54407deb
...@@ -89,23 +89,19 @@ A few services allows to specify arbitrary redirect_url without registering befo ...@@ -89,23 +89,19 @@ A few services allows to specify arbitrary redirect_url without registering befo
A. In SettingsApp give a link A. In SettingsApp give a link
```html ```html
<a href="https://service.example/auth? (url) <a href="https://bob.cozy.rocks/accounts/service-name/start? (url)
response_type=code&
client_id=CLIENT_ID&
scope=photos& scope=photos&
state=1234zyx& state=1234zyx">
redirect_uri=https://bob.cozy.rocks/accounts/redirect">
``` ```
**NOTE** the scope may depends on other fields being configured (checkboxes), this will be described in json in the konnectors manifest. The format will be determined upon implementation. **NOTE** the scope may depends on other fields being configured (checkboxes), this will be described in json in the konnectors manifest. The format will be determined upon implementation.
**NOTE** To limit bandwith and risk of state corruption, SettingsApp should save its state under a random key into localStorage, the key is then passed as the state in this query. **NOTE** To limit bandwith and risk of state corruption, SettingsApp should save its state under a random key into localStorage, the key is then passed as the state in this query.
B. Service let the user login, allow or deny scope B. Service let the user login, allow or deny scope
Then redirect to Then redirect to
```http ```http
https://bob.cozy.rocks/accounts/redirect? (url) https://bob.cozy.rocks/accounts/service-name/redirect? (url)
code=AUTH_CODE_HERE& code=AUTH_CODE_HERE&
state=1234zyx state=1234zyx
``` ```
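Review bot: the new step A link to `/accounts/service-name/start` no longer carries `response_type`, `client_id` or `redirect_uri`, and nothing in this hunk says which component adds them before the browser reaches the service. Add a sentence naming that component, and say which side compares the `state` received on `/accounts/service-name/redirect` with the key SettingsApp stored in localStorage. It would also help to mark `service-name` as a placeholder in both URLs.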
...@@ -116,7 +112,7 @@ POST https://api.service.example/token ...@@ -116,7 +112,7 @@ POST https://api.service.example/token
Content-Type: Content-Type:
grant_type=authorization_code& grant_type=authorization_code&
code=AUTH_CODE_HERE& code=AUTH_CODE_HERE&
redirect_uri=https://bob.cozy.rocks/accounts/redirect& redirect_uri=https://bob.cozy.rocks/accounts/service-name/redirect&
client_id=CLIENT_ID& client_id=CLIENT_ID&
client_secret=CLIENT_SECRET client_secret=CLIENT_SECRET
``` ```
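Review bot: the token request now sends `redirect_uri=https://bob.cozy.rocks/accounts/service-name/redirect`, but after this patch step A no longer shows any `redirect_uri`, so a reader cannot check that the two values are identical, which the authorization code grant requires when a `redirect_uri` was sent in the authorization request. State here or in step A that the same value is used in both requests. Separately, the `Content-Type:` context line has no value; for this body it should read `application/x-www-form-urlencoded`.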
...@@ -133,9 +129,9 @@ D. The Service responds (server side) with (json) ...@@ -133,9 +129,9 @@ D. The Service responds (server side) with (json)
"info":{"name":"Claude Douillet","email":"claude.douillet@example.com"} "info":{"name":"Claude Douillet","email":"claude.douillet@example.com"}
} }
``` ```
This whole object is saved as-is into a `io.cozy.accounts` 's `oauth_callback_results` field. This whole object is saved as-is into a `io.cozy.accounts` 's `extras` field.
The known fields `access_token`, `refresh_token` & `scope` will be **also** saved on the account itself The known fields `access_token`, `refresh_token` & `scope` will be **also** saved on the account's `oauth` itself
E. The Stack redirect the user to SettingsApp E. The Stack redirect the user to SettingsApp
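Review bot: with the whole response saved as-is into `extras` and `access_token`, `refresh_token` and `scope` **also** copied to the account's `oauth`, the tokens end up stored twice in the same `io.cozy.accounts` document. Either drop the token fields from the copy kept in `extras`, or document that `extras` holds credentials and needs the same protection as `oauth`. Wording: "saved on the account's `oauth` itself" would read better as "saved in the account's `oauth` field".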
...@@ -217,9 +213,3 @@ The following is a few points to be careful for in konnectors when we start allo ...@@ -217,9 +213,3 @@ The following is a few points to be careful for in konnectors when we start allo
- MAIF konnector uses the webserver flow without redirect_uri validation - MAIF konnector uses the webserver flow without redirect_uri validation
- Orange konnector uses the client-side proxy but hosted on their own servers (/!\ redirect_uri vs redirect_url) - Orange konnector uses the client-side proxy but hosted on their own servers (/!\ redirect_uri vs redirect_url)
# Routes to be implemented
- [ ] `/accounts/redirect`
- [ ] `/accounts/:accountID/refresh`
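Review bot: removing the "Routes to be implemented" checklist also removes the mention of `/accounts/:accountID/refresh` visible here, while the rest of the patch only documents the `start` and `redirect` routes. If the refresh route is implemented, document its actual path; if it is not, keep that item as an open task rather than deleting it.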