Created
June 27, 2011 19:51
-
-
Save mamund/1049659 to your computer and use it in GitHub Desktop.
Hypermedia OAuth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <!-- Hypermedia OAuth --> | |
| <head> | |
| <meta name="profile" content="http://amundsen.com/hypermedia/profiles/oauth" /> | |
| <!-- | |
| *** NOTES *** | |
| Based on Facebook dev notes on OAuth interactions : http://developers.facebook.com/docs/authentication/ | |
| This needs to be aligned w/ OAuth 2.0 docs : http://tools.ietf.org/html/draft-ietf-oauth-v2-16 | |
| *** state values *** | |
| -- client knows these ahead of time -- | |
| initial-uri << supplied by target server | |
| app-id << supplied by target server | |
| app-secret << supplied by app when signing up | |
| app-permissions << suplied by target server (optional) | |
| user-auth-redirect-url << supplied by app at runtime | |
| app-auth-redirect-url << supplied by app at runtime | |
| -- server returns these at runtime -- | |
| auth-code | |
| auth-token | |
| auth-expires | |
| -- bad stuff does happen sometimes -- | |
| error-code | |
| error-reason | |
| error-description | |
| --> | |
| <!-- | |
| *** typical workflow *** | |
| 1 - client makes call to server to get request-user-auth representation (initial URI) | |
| 2 - client fills in request-user-auth form and submits to server | |
| NOTE: upon submittal to server, server checks for user auth, handles any details there (i.e. login, etc.) and redirects to client | |
| 3 - server either returns error representation or user-auth representation (w/ request-app-auth form) | |
| 4 - client fills in request-app-auth form and submits to server | |
| 5 - server either returns error representation or app-auth representation | |
| 6 - client users app-auth state (app-token & app-expires) for subsequent requests | |
| --> | |
| </head> | |
| <body> | |
| <!-- initial request for user auth --> | |
| <form method="get" action="..." class="request-user-auth"> | |
| <input type="hidden" name="app-id" value="..." /> <!-- id of app asking for perms --> | |
| <input type="hidden" name="user-auth-redirect-url" value="..." /> <!-- redirect url after auth is completed --> | |
| <input type="hidden" name="app-permissions" value="" /> <!-- permissions you wish to gain semi-colon-sep list --> | |
| </form> | |
| <!-- general errors --> | |
| <div id="error"> | |
| <p class="error-code">...</p> | |
| <p class="error-reason">...</p> | |
| <p class="error-description">...</p> | |
| </div> | |
| <!-- user auth successful --> | |
| <div id="user-auth"> | |
| <p class="auth-code">...</p> | |
| </div> | |
| <!-- request for app auth --> | |
| <form mthod="get" action="..." class="request-app-auth"> | |
| <input type="hidden" name="app-id" value="..." /> | |
| <input type="hidden" name="auth-code" value="..." /> | |
| <input type="hidden" name="app-secret" value="..." /> | |
| <input type="hidden" nane="app-auth-redirect-url" value="..." /> | |
| </form> | |
| <!-- app auth successful --> | |
| <div id="app-auth"> | |
| <p class="auth-token">...</p> | |
| <p class="auth-expires">...</p> <!-- total number of seconds --> | |
| </div> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment