Authentication And Authorization

Introduction

Before you can use SdkClient, you must follow the OAuth 2.0 authorization code flow to gain access to the content stored in a user’s Verizon Personal Cloud Storage account. This is a two-step process: you must first obtain an authorization code, then exchange the authorization code for an access token and a refresh token.

NOTE: The Callback URL is case sensitive.

Authentication and Authorization API Calls

Authenticating Your Application

To authenticate your app, you need to update the Key, Secret and callback URL in the connection.yml file to the values that you obtained from Key Management when you registered your app.

app_key: xxxxxxxxxxxxxxxxxxxxx   # CONSUMER KEY
app_secret: xxxxxxxxxxxxxxxxxxxxx # CONSUMER SECRET

server: "xx.xxxxxx.xxx.xxxxx.xxxxxxxxxxx.xxx"

api_version: "xxxxx/x/"

NOTE: Refer to the Getting Credentials to Use the Personal Cloud Storage APIs page in the API Developer Guide for information on how to register your app.

The OAuth 2.0 authorization is a two-step process consisting of calls to the start and finish methods.

  1. Call the start method to begin the OAuth 2.0 authorization process. The user is redirected to the authorization URL and prompted to either grant or deny your app access to his or her Personal Cloud Storage content. Once the user approves or denies access, the user is redirected to the redirect_uri you provided to the constructor. The start method also saves a CSRF token in the session, under the csrf_token_session_key you provided to the constructor.

  2. Call the finish method after the user has visited the authorize URL, approved your app, and been redirected to the redirect URI. The finish method checks the CSRF token to prevent request forgery.

The following code samples will help you get started:

  1. Obtain the object which is used to call the authentication and authorization methods.

    # Returns the object which is used to call the authentication and authorization methods.
    # APP_KEY and APP_SECRET are the values from connection.yml; the session and the
    # :sdk_auth_csrf_token key are where the CSRF token is stored between start and finish.
    def get_web_auth()
      return SdkOAuth2Flow.new(APP_KEY, APP_SECRET, url('/sdk-auth-finish'),
                     session, :sdk_auth_csrf_token)
    end
    
  2. Retrieve the authorize URL and redirect the user to authorize your app.

    # This is the first method; it gets the authorize URL. It calls get_web_auth to create the flow object.
    get '/sdk-auth-start' do
      authorize_url = get_web_auth().start()
      # Send the user to the authorization website so they can authorize our app. After the user
      # authorizes our app, it will redirect them to our '/sdk-auth-finish' endpoint.
      redirect authorize_url
    end
    
  3. Obtain the access token.

    # This is the method that obtains the access_token. It calls get_web_auth to create the flow object.
    # finish validates the CSRF token stored by start before exchanging the code for a token.
    get '/sdk-auth-finish' do
      begin
        access_token, user_id, url_state = get_web_auth.finish(params)
      rescue SdkOAuth2Flow::BadRequestError => e
        return html_page "Error in OAuth 2 flow", "<p>Bad request to /sdk-auth-finish: #{e}</p>"
      rescue SdkOAuth2Flow::BadStateError => e
        return html_page "Error in OAuth 2 flow", "<p>Auth session expired: #{e}</p>"
      rescue SdkOAuth2Flow::CsrfError => e
        return html_page "Error in OAuth 2 flow", "<p>CSRF mismatch</p>"
      rescue SdkOAuth2Flow::NotApprovedError => e
        return html_page "Not Approved?", "<p>Why not, bro?</p>"
      rescue SdkOAuth2Flow::ProviderError => e
        return html_page "Error in OAuth 2 flow", "Error redirect from server: #{e}"
      rescue SdkError => e
        return html_page "Error in OAuth 2 flow", "<p>Error getting access token</p>"
      end
    
  4. Store the authorized SdkSession.

      # In this simple example, we store the authorized SdkSession in the session.
      # A real webapp might store it somewhere more persistent.
      session[:access_token] = access_token
      redirect url('/')
    end
    
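To make the start/finish contract concrete, here is an added example that is not the SDK's own SdkOAuth2Flow: a hypothetical, minimal re-implementation of the same two-step pattern. It assumes a Hash-like session, a constructed placeholder authorize endpoint (AUTHORIZE_URL), and an injected token_exchanger lambda that performs the code-for-token exchange, so the CSRF handling can be exercised offline. The error classes mirror the names used in the samples above.

```ruby
require 'securerandom'
require 'uri'

# Added example, not the SDK's SdkOAuth2Flow: a hypothetical minimal
# implementation of the start/finish pattern. It assumes a Hash-like session,
# a constructed AUTHORIZE_URL placeholder and an injected token_exchanger
# lambda (code, redirect_uri, app_key, app_secret) -> [access_token, user_id].
class DemoOAuth2Flow
  class BadRequestError  < StandardError; end   # malformed callback parameters
  class BadStateError    < StandardError; end   # no CSRF token left in the session
  class CsrfError        < StandardError; end   # state parameter does not match the session
  class NotApprovedError < StandardError; end   # user denied the authorization request
  class ProviderError    < StandardError; end   # provider returned some other error

  # Constructed placeholder; the real endpoint is derived from connection.yml.
  AUTHORIZE_URL = 'https://auth.example.invalid/oauth2/authorize'

  def initialize(app_key, app_secret, redirect_uri, session, csrf_token_session_key, token_exchanger)
    @app_key = app_key
    @app_secret = app_secret          # used only for the token exchange, never sent to the browser
    @redirect_uri = redirect_uri
    @session = session
    @csrf_key = csrf_token_session_key
    @token_exchanger = token_exchanger
  end

  # Step 1: generate an unguessable CSRF token, store it in the session under
  # @csrf_key and return the authorize URL carrying it as the OAuth 2.0 state.
  def start
    csrf_token = SecureRandom.urlsafe_base64(32)
    @session[@csrf_key] = csrf_token
    query = URI.encode_www_form(
      response_type: 'code',
      client_id: @app_key,
      redirect_uri: @redirect_uri,
      state: csrf_token
    )
    "#{AUTHORIZE_URL}?#{query}"
  end

  # Step 2: validate the callback parameters against the stored CSRF token,
  # then exchange the code for a token. Returns [access_token, user_id].
  def finish(params)
    expected = @session.delete(@csrf_key)     # single use: consumed even when validation fails
    raise BadStateError, 'no CSRF token in session (expired or never started)' if expected.nil?

    state = params['state']
    raise BadRequestError, 'missing state parameter' if state.nil? || state.empty?
    raise CsrfError, 'state does not match session CSRF token' unless secure_equal?(expected, state)

    if (error = params['error'])
      raise NotApprovedError, 'user denied access' if error == 'access_denied'
      raise ProviderError, "provider returned error: #{error}"
    end

    code = params['code']
    raise BadRequestError, 'missing authorization code' if code.nil? || code.empty?

    @token_exchanger.call(code, @redirect_uri, @app_key, @app_secret)
  end

  private

  # Constant-time comparison so the state check does not leak how many leading bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

The two points worth carrying into a real handler are that the CSRF token is deleted from the session before any check (so a callback, valid or not, can only be tried once per start), and that the state check happens before the error and code parameters are even looked at.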

Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.