4. Authorization
- A W2E user can authorize a third-party application to access his/her data.
- Authorization is based on OAuth 2.0.
4.1. Overview
- Application redirects user to W2E authorization page.
- User gives authorization and is redirected back to application page with ‘code’
- Application backend exchanges ‘code’ for ‘access_token’
- Application can make requests to W2E using ‘access_token’
Parameter | Description |
---|---|
redirect_uri | URI the user is redirected to after authorization |
code | Redirect back to application page includes ‘code’ |
client_id | ID for your application |
client_secret | Secret for your application |
access_token | Token used to access user account |
refresh_token | Token used to renew access_token |
username | User identifier |
4.2. Access_token
4.2.1. Step 1 - User wants to link W2E
- User clicks “authorization to W2E”-link in application.
4.2.2. Step 2 - Authorization link
- Application backend requests authorization link from W2E.
method | HTTP POST |
uri | https://w2e.fi/oauth/request |
header | “Content-Type: application/json” |
json parameter | description |
---|---|
client_id | ID for your application |
client_secret | Secret for your application |
Curl example:
curl -X POST https://w2e.fi/oauth/request -H "Content-Type: application/json" -d '{"client_id":"XHaeSTbLr1dusWvH","client_secret":"3qCtNaUIH0x11HGjY1Kp9HrdOprT5uRFOeSMFbmqC9WQ6kWcZAzQ44lA0IyIWF6q"}'
Response example:
{"authorize_url": "https://w2e.fi/oauth/authorize?request_token=DtOGjqrDSYDP1M4F78YrT6UkQOC1aqHb"}
4.2.3. Step 3 - User is directed to W2E
- User is directed to the W2E ‘authorize_url’.
4.2.4. Step 4 - User gives authorization
- User is shown authorization page on W2E.
- User enters email & password and clicks ‘Allow’
4.2.5. Step 5 - Redirect back to application
User is redirected back to ‘redirect_uri’ with code:
{redirect_uri}?code={code}
4.2.6. Step 6 - Exchange ‘code’ for ‘access_token’
- ‘Code’ is exchanged for ‘access_token’ and ‘refresh_token’
method | HTTP POST |
uri | https://w2e.fi/oauth/access_token |
header | “Content-Type: application/json” |
json parameter | description |
---|---|
client_id | ID for your application |
client_secret | Secret for your application |
code | Redirect back to application page includes ‘code’ |
Curl example:
curl -X POST https://w2e.fi/oauth/access_token -H "Content-Type: application/json" -d '{"client_id":"XHaeSTbLr1dusWvH","client_secret":"3qCtNaUIH0x11HGjY1Kp9HrdOprT5uRFOeSMFbmqC9WQ6kWcZAzQ44lA0IyIWF6q","code":"k9NCV29HIpOCt6sa"}'
Response example:
{"access_token": "W9b4LxzjDM2YMHlQq01CNvPpSy6KPVRF", "username": "krvgklmqxonttfjx", "expires": "2015-08-26T09:22:17Z", "refresh_token": "yLeRVGbX0EhiJG4aYN7dcMR0udMb3ZWrRjILs1gGLLNArUFOptJRzmy5t90jmC7Z"}