Details provided to LIFX:
- The
redirect_uri
for your application
Details provided by LIFX:
- The
client_id
andclient_secret
for your app - The authorization URL
- The token URL
- The scope to request
The Authorization URL is:
https://cloud.lifx.com/oauth/authorize
You should make a GET request to this URL with the following information in the request parameters:
Name | Type | Description |
---|---|---|
client_id | string | The Token you were provided for your application. |
scope | string | The scope you were told to use. Eg. remote_control:all . |
state | string | A random unguessable string to prevent CSS attacks. |
response_type | string | Must be set to code , per the OAuth2 specification. |
At this page the user will be asked to login if they haven't yet, and then they will be asked to give permissions to your application.
Once the user makes the decision they will be redirected to the redirect_uri
that you provided us, with the results of the decision. The following will be provided as URL parameters:
Name | Type | Description |
---|---|---|
code | string | A code that can be exchanged for a users access token. |
state | string | Should be the same as the provided state parameter, otherwise reject the request. |
The token URL is:
https://cloud.lifx.com/oauth/token
To exchange the code for a users access token a POST should be made to this URL with the following parameters:
Name | Type | Description |
---|---|---|
client_id | string | The Token you were provided for your application. |
client_secret | string | The Secret Token you were provided for your application. |
code | string | The code you received in the previous step (Step 2). |
grant_type | string | Must be set to authorization_code . |
The response from this request will be a JSON object containing the access token. An example response may look like this:
{
"access_token": "c52826c87adfa1aa5cc85c87df245e2afdd4bb6c361687bd29869432470cc68d",
"refresh_token": "c523f5f66b6b25e050a8fbe26c2eff784e4ecb803e527e5859d3ed009c4db6bc",
"token_type": "Bearer"
}
You can now use the access_token
as described in the HTTP API Authentication Documentation.
Documentation on exchanging the code for an access token should mention the need for this additional parameter:
grant_type | string | authorization_code
Also should document the process of refreshing tokens.