Commit 15e1cefd authored by Hugo NOUTS

update proxy to prepare grdf adict docs

parent 0fa702dc
...@@ -104,6 +104,8 @@ Regarding Enedis, two endpoints are exposed: ...@@ -104,6 +104,8 @@ Regarding Enedis, two endpoints are exposed:
On success, response will contain **access_token** or **refresh_token**, **usage_point_id** among other things. All informations will be stored by the cozy-stack in a cozy-accounts database. On success, response will contain **access_token** or **refresh_token**, **usage_point_id** among other things. All informations will be stored by the cozy-stack in a cozy-accounts database.
### Grdf Adict
### Cozy Oauth Protocol ### Cozy Oauth Protocol
!!! info "cozy oauth flow documentation" !!! info "cozy oauth flow documentation"
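Review bot: The added `### Grdf Adict` heading has no body and runs straight into `### Cozy Oauth Protocol`, so the rendered page will show an empty section. Put a one-line placeholder under it (this same change uses `> To be redacted` under `##### Grdf` further down), or hold the heading back until the Grdf endpoints can be listed the way the Enedis ones are.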
...@@ -169,9 +171,9 @@ If the token request is a success. An account/service-name database will be adde ...@@ -169,9 +171,9 @@ If the token request is a success. An account/service-name database will be adde
The Oauth dance could be easily wrapped up with the two requests seen above. But since Ecolyo is an application hosted on multiple personnal clouds, following this guideline would mean that we need a **client_id** and a **client_secret** for each one of all the applications running. The Oauth dance could be easily wrapped up with the two requests seen above. But since Ecolyo is an application hosted on multiple personnal clouds, following this guideline would mean that we need a **client_id** and a **client_secret** for each one of all the applications running.
To answer this issue, two solutions are possible depending on what the supplier is willing to do. To answer this issue, two solutions are possible depending on what the energy supplier is willing to do.
- Enedis could allow wildcard subdomains when registering the callback URI, it would parse the subdomain and adapt its redirection when answering **/auth** call. - Providers could allow wildcard subdomains when registering the callback URI, it would parse the subdomain and adapt its redirection when answering **/auth** call.
Exemple: Exemple:
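Review bot: In the rewritten wildcard bullet the subject is now plural (`Providers could allow wildcard subdomains`) but the rest of the sentence still reads `it would parse the subdomain and adapt its redirection`; use "they would parse ... their redirection" or keep a singular "The provider". Since this bullet recommends wildcard callback URIs, it would also help to state the exact pattern that gets registered (for instance a single subdomain label under one fixed domain), because the registered pattern decides which hosts can receive the authorization response.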
...@@ -180,7 +182,7 @@ Exemple: ...@@ -180,7 +182,7 @@ Exemple:
xyz.cozygrandlyon.cloud/account/redirect -> redirect to xyz xyz.cozygrandlyon.cloud/account/redirect -> redirect to xyz
toto.cozygrandlyon.cloud/account/redirect -> redirect to toto toto.cozygrandlyon.cloud/account/redirect -> redirect to toto
- If the supplier (Enedis) is not accepting wildcards, then we put a proxy as a middleware to provide a generic endpoint to cater for all Oauth2 redirections. - If the provider (Enedis for instance) is not accepting wildcards, then we put a proxy as a middleware to provide a generic endpoint to cater for all Oauth2 redirections.
#### Result #### Result
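Review bot: Terminology is split after this change: the bullet here now says `the provider (Enedis for instance)`, while the sentence edited just above the list says `the energy supplier`, and the bullets further down say `service provider`. Pick one term for the whole page so readers do not take them for different parties.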
...@@ -190,11 +192,11 @@ With that in mind, the proxy is now the one calling the auth and token endpoints ...@@ -190,11 +192,11 @@ With that in mind, the proxy is now the one calling the auth and token endpoints
- One for the auth (called by the cozy-stack) - One for the auth (called by the cozy-stack)
- One for the token (also called by the cozy-stack) - One for the token (also called by the cozy-stack)
- One for the redirect_uri (called by the service provider, Enedis) - One for the redirect_uri (called by the service provider)
#### Proxy flow #### Proxy flow
stack -> proxy/auth -> enedis/auth -> proxy/redirect -> stack -> proxy/token -> enedis/token stack -> proxy/auth -> provider/auth -> proxy/redirect -> stack -> proxy/token -> provider/token
## Proxy Code Explained ## Proxy Code Explained
...@@ -208,22 +210,28 @@ It is composed of three endpoints as seen above. The first endpoint to be called ...@@ -208,22 +210,28 @@ It is composed of three endpoints as seen above. The first endpoint to be called
#### auth #### auth
Originally called from a cozy-stack trying to setup its enedis konnector. The proxy gets this informations from the query: Originally called from a cozy-stack trying to setup its konnector. The proxy gets this informations from the query:
- clientId - clientId
- state (as it was conceived by the cozy-stack) - state (as it was conceived by the cozy-stack)
- redirect_uri (**will be used later to trace back the stack**) - redirect_uri (**will be used later to trace back the stack**)
With all these informations, the proxy can contact enedis **/auth** endpoint to start the oauth dance. With all these informations, the proxy can contact the provider **/auth** endpoint to start the oauth dance.
##### Enedis
!!! warning "note" !!! warning "note"
See that a new composed state is sent to enedis, it is made of the former state conceived by the cozy-stack + the cozyOrigin instance name. This will be usefull when enedis is leading the oauth dance to the next step and we will need the name of the cozy to answer. See that a new composed state is sent to enedis, it is made of the former state conceived by the cozy-stack + the cozyOrigin instance name. This will be usefull when enedis is leading the oauth dance to the next step and we will need the name of the cozy to answer.
Once the call is sent, enedis will point to the **/redirect** endpoint. Once the call is sent, enedis will point to the **/redirect** endpoint.
##### Grdf
> To be redacted
#### redirect #### redirect
Retrieve the *code*, *usage_point_id*, and*state* answered by Enedis. Retrieve the *code*, *usage_point_id*, and *state* answered by Enedis.
Split the customed state that was modified in the **/auth** process. From this split it creates two variables : Split the customed state that was modified in the **/auth** process. From this split it creates two variables :
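Review bot: The warning under the new `##### Enedis` heading says the composed state carries the cozyOrigin instance name, and **/redirect** then splits that state to decide which cozy receives the *code*, but nothing here says whether the proxy checks the recovered instance name (or the original redirect_uri) against the expected cozy domain before redirecting. Add a sentence stating that check, or stating that it is missing, since the state value comes back through the browser. Two smaller points in the same hunk: `> To be redacted` probably means "To be written", and the **redirect** section still says `answered by Enedis` although the rest of the change generalises to "the provider".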
...@@ -236,7 +244,7 @@ Finally redirect all these parameters in a query to the cozy-stack (the cozy-sta ...@@ -236,7 +244,7 @@ Finally redirect all these parameters in a query to the cozy-stack (the cozy-sta
Gathering from query or parameters all params. Gathering from query or parameters all params.
Sends a post request to enedis /token endpoint. Sends a post request to the provider /token endpoint.
The stack will store the response params in a *accounts* couchdb database. The stack will store the response params in a *accounts* couchdb database.
## What Happens Next ## What Happens Next
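Review bot: The changed line `Sends a post request to the provider /token endpoint.` is still a sentence fragment with no subject, like the `Gathering from query or parameters all params.` line before it. Suggest "The proxy gathers the parameters from the query or body, then sends a POST request to the provider's /token endpoint", and list which parameters are forwarded so the reader can see where the client credentials are added.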