Authentication and Authorization

Introduction

Verizon Personal Cloud Storage APIs use the industry-standard OAuth 2.0 protocol for authentication and authorization. OAuth 2.0 uses access tokens, instead of the Verizon Personal Cloud Storage account owner’s credentials, to access Verizon Personal Cloud Storage user content. Each access token has a specific, predefined scope and lifetime and is issued only with the approval of the account owner. The account owner can terminate the access at any time.

Basic Steps

Your app must follow these basic steps when using OAuth 2.0:

  1. Obtain ThingSpace Platform Credentials.

    To begin, you must obtain ThingSpace platform credentials. You will need those credentials to authenticate your app with the Verizon Cloud Authentication service.

  2. Establish Callback URL.

    To use Verizon Personal Cloud Storage APIs, you must update your app’s information with a Callback URL. The Callback URL is the HTTP callback address to which the authorization code will be sent.

    NOTE: Take note of the exact spelling of the Callback URL, as it is case sensitive. Your app must specify it exactly as you entered it on your app’s registration form in Key Management.

  3. Obtain Authorization Code from Verizon Authentication Service.

    • Access to Verizon Personal Cloud Storage user content

    A Verizon Personal Cloud Storage account holder can choose to give your app access to the content stored in his or her Verizon Personal Cloud Storage account. Your app must first authenticate with the Verizon Authentication service using your app’s Key and Secret. Verizon Authentication will then present the user with a request to grant your app access to the content stored in his or her Verizon Personal Cloud Storage account. If the user grants access, Verizon Authentication will issue access and refresh tokens.

    • Access Tokens

    An access token is a string representing authorization issued to your app by the Verizon Personal Cloud Storage account owner. Access tokens have a specific duration of access, which is enforced by the Verizon Authentication service. When an access token expires, your app will no longer be able to access Verizon Personal Cloud Storage user content.

    • Refresh Tokens

    Refresh tokens are credentials that your app can use to obtain new access tokens. Your app will receive a refresh token from the Verizon Cloud Authentication service each time an access token is issued. When the access token expires, your app can exchange the refresh token for a new access token with identical scope and permissions that have been authorized by the account owner.

  4. Refresh Access Token - When Necessary.

    Access tokens have limited lifetimes. If your application needs access to the Verizon Personal Cloud Storage user content beyond the lifetime of a single access token, it can use the refresh token to obtain a new access token. Refresh tokens will remain valid for 14 days unless the account owner decides to terminate your app’s access to his or her Verizon Personal Cloud Storage account.

    If the account owner uses your app at least once every 14 days, your app will be able to automatically refresh access tokens. Otherwise, if the account owner leaves the app idle for more than 14 days, the refresh token that has been used last will expire and the user will have to re-authorize your app’s access.
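
    The token lifetime rules in step 4 can be reduced to one decision function. The following is an added example, not code from the Verizon SDK or this page's author; it assumes the token response carries the standard OAuth 2.0 fields access_token, refresh_token and expires_in, which this page does not list, and the 60-second margin is also an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

REFRESH_TOKEN_LIFETIME = timedelta(days=14)  # stated on this page
EXPIRY_SKEW = timedelta(seconds=60)          # assumption: margin for clock drift


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    access_expires_at: datetime
    refresh_expires_at: datetime


def store_token_response(resp: dict, now: datetime) -> TokenSet:
    """Build a TokenSet from a token response (field names are assumed,
    taken from the OAuth 2.0 standard rather than from this page)."""
    return TokenSet(
        access_token=resp["access_token"],
        # A refresh token is issued with every access token, so the
        # stored one is always replaced, never reused from an older response.
        refresh_token=resp["refresh_token"],
        access_expires_at=now + timedelta(seconds=int(resp["expires_in"])),
        refresh_expires_at=now + REFRESH_TOKEN_LIFETIME,
    )


def next_action(tokens: Optional[TokenSet], now: datetime) -> str:
    """Return 'use_access_token', 'refresh' or 'reauthorize'."""
    if tokens is None or now >= tokens.refresh_expires_at:
        # Never authorized, or idle for 14 days or more: the user must
        # go through the consent flow again.
        return "reauthorize"
    if now >= tokens.access_expires_at - EXPIRY_SKEW:
        # Access token expired or about to expire; refresh token still valid.
        return "refresh"
    return "use_access_token"
```

    If the service rejects a refresh token before the 14 days have passed, the account owner has revoked access: discard the stored tokens and treat the state as reauthorize.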

Detailed Flow

The following is the detailed OAuth 2.0 authentication and authorization flow:

OAuth 2.0 Detailed Flow

  1. Developer logs on to ThingSpace Developer Portal.
  2. Developer adds Key Set on Key Management web page.
  3. Developer receives unique Key and Secret from the Key Management.
  4. Developer updates the app’s name and callback URL.
  5. The app name and callback URL are updated on the Verizon Cloud servers.
  6. The app authenticates with the Verizon Cloud Authentication by making a GET /oauth2/authorize call.
  7. Verizon Cloud Authentication presents the authorization login screen for the app*.
  8. Verizon account holder enters credentials*.
  9. Verizon Cloud Authentication validates user’s credentials*.
  10. Verizon Cloud Authentication presents the user with the consent request screen for the app to access content stored in his or her Verizon Cloud account.
  11. The account holder grants consent.
  12. Verizon Cloud Authentication Service sends the authorization code to the app.
  13. The app makes a POST /token call to Cloud Authentication. Included in the query parameters are the authorization code, client ID and client secret.
  14. Cloud Authentication returns an access token and a refresh token.
  15. App uses access token to access the user’s account. When the access token expires, the app uses the refresh token to obtain a new access token.

* If the Verizon account holders have Cloud Client installed on their mobile device, the app will use Verizon’s Cloud Authentication silent sign-on. The users will not be prompted to log on again and will be taken directly to the consent screen.
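
Steps 6, 12 and 13 from the app's side, with the checks to apply to the callback before the authorization code is exchanged. This is an added example, not Verizon's code: the host names and the Callback URL are constructed placeholders, and the parameter names (response_type, client_id, redirect_uri, state, code, grant_type) are the standard OAuth 2.0 names, assumed here because this page does not list them.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_BASE = "https://auth.example.invalid"  # placeholder host (assumption)
# Constructed value; must equal the Callback URL registered in Key Management.
CALLBACK_URL = "https://app.example.invalid/OAuth/Callback"


def build_authorize_url(client_id: str) -> tuple[str, str]:
    """Step 6: return (url, state); keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unpredictable, one per request
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": CALLBACK_URL,  # exact spelling, case sensitive
        "state": state,
    })
    return f"{AUTH_BASE}/oauth2/authorize?{query}", state


def extract_code(callback_request_url: str, expected_state: str) -> str:
    """Step 12: validate the redirect before trusting the code in it."""
    got, reg = urlsplit(callback_request_url), urlsplit(CALLBACK_URL)
    if (got.scheme, got.netloc, got.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("request is not for the registered Callback URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request_params(code: str, client_id: str, client_secret: str) -> dict:
    """Step 13: parameters for POST /token; keep them out of logs."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": CALLBACK_URL,
    }
```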

Users’ View

Once your app has been installed on the user’s device, the user will be able to manage your app’s access to the content stored in his or her Verizon Personal Cloud Storage account.

In order to grant your app access to the content stored in his or her Verizon Personal Cloud Storage account, the user will be directed to:

  1. Log on to his or her Verizon account.

    NOTE: If the user has Cloud Client installed on his or her Verizon Wireless issued 4G LTE mobile device and the app is using the SDK, the app will use Verizon’s Cloud Authentication silent sign-on. The user will not be prompted to log on and will be taken directly to the consent screen.

  2. The user must select Approve to grant your app access.

Revoking Access

A Verizon Personal Cloud Storage account holder can revoke your app’s access to their account at any time. Both the access token and the refresh token will be revoked at the same time.

In order to revoke your app’s access to their Verizon Personal Cloud Storage account, the users will have to:

  1. Launch Cloud Client.
  2. Display the menu by pressing the three red bars in the upper left-hand corner.
  3. Select Settings.
  4. Select Apps Using Cloud.
  5. Select Remove to revoke access for the selected app.

Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.