
@smarthall
Last active November 16, 2019 08:59
LIFX OAuth Integration Guide

Things you will need

Details provided to LIFX:

  • The redirect_uri for your application

Details provided by LIFX:

  • The client_id and client_secret for your app
  • The authorization URL
  • The token URL
  • The scope to request

Obtaining Credentials for a User

1. Open the Authorization page

The Authorization URL is:

https://cloud.lifx.com/oauth/authorize

You should make a GET request to this URL with the following information in the request parameters:

| Name | Type | Description |
| --- | --- | --- |
| client_id | string | The Token you were provided for your application. |
| scope | string | The scope you were told to use, e.g. remote_control:all. |
| state | string | A random, unguessable string to prevent CSRF attacks. |
| response_type | string | Must be set to code, per the OAuth2 specification. |

On this page the user will be asked to log in if they haven't yet, and then to grant permissions to your application.

2. LIFX redirects to your redirect URL

Once the user makes the decision they will be redirected to the redirect_uri that you provided us, with the results of the decision. The following will be provided as URL parameters:

| Name | Type | Description |
| --- | --- | --- |
| code | string | A code that can be exchanged for a user's access token. |
| state | string | Should be the same as the provided state parameter, otherwise reject the request. |

3. Exchange the code for the user's access token

The token URL is:

https://cloud.lifx.com/oauth/token

To exchange the code for a user's access token, make a POST request to this URL with the following parameters:

| Name | Type | Description |
| --- | --- | --- |
| client_id | string | The Token you were provided for your application. |
| client_secret | string | The Secret Token you were provided for your application. |
| code | string | The code you received in the previous step (Step 2). |
| grant_type | string | Must be set to authorization_code. |

The response from this request will be a JSON object containing the access token. An example response may look like this:

{
    "access_token": "c52826c87adfa1aa5cc85c87df245e2afdd4bb6c361687bd29869432470cc68d",
    "refresh_token": "c523f5f66b6b25e050a8fbe26c2eff784e4ecb803e527e5859d3ed009c4db6bc",
    "token_type": "Bearer"
}

You can now use the access_token as described in the HTTP API Authentication Documentation.
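
The three steps above, sketched in Python as an added example (not part of the original guide and not LIFX's code). The function names are hypothetical, and it assumes the token endpoint accepts a form-encoded POST body and that your application keeps the issued state in the user's server-side session.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTHORIZE_URL = "https://cloud.lifx.com/oauth/authorize"
TOKEN_URL = "https://cloud.lifx.com/oauth/token"


def build_authorize_url(client_id, scope):
    """Step 1: return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    query = urlencode({
        "client_id": client_id,
        "scope": scope,
        "state": state,
        "response_type": "code",
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 2: return the code only if state matches the value issued in step 1."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; an empty or missing session state never matches.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: reject the request")
    codes = params.get("code", [])
    if len(codes) != 1:  # absent (or duplicated) code parameter
        raise ValueError("callback does not carry exactly one code")
    return codes[0]


def build_token_request(client_id, client_secret, code):
    """Step 3: prepare the POST. Assumption: a form-encoded body is accepted,
    which keeps client_secret and code out of URLs and access logs."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "grant_type": "authorization_code",
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Pass the returned Request to urllib.request.urlopen to perform the exchange, and discard the stored state after one use so a callback cannot be replayed.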

@tmyersjstar

Documentation on exchanging the code for an access token should mention the need for this additional parameter:

grant_type | string | authorization_code

Also should document the process of refreshing tokens.

@smarthall
Author

@tmyersjstar Thanks, I'll update it now.

Access tokens do not need to be refreshed, they remain valid until they are revoked by the user or LIFX.

@mreinstein

@smarthall

Access tokens do not need to be refreshed, they remain valid until they are revoked by the user or LIFX.

Why does LIFX provide a refresh token in its response?

I do a POST to https://cloud.lifx.com/oauth/token?grant_type=authorization_code&code=...
I then get this as a response body:

{
  "access_token": "99bc3cdd756181157a1e2c1fa53171a2acbd70c8204be72db0faba4a826f844e",
  "token_type": "Bearer",
  "refresh_token": "aaaf6595ba30f4168b0dfba84f302fegg2d7178b5d45562d31ef8fc4e4455ecc"
}

Any ideas?

@smarthall
Author

@mreinstein We only provide this token for legacy reasons, it can be safely ignored.
