Difference between revisions of "OAuth 2.0"

From SoFurry
Jump to: navigation, search
(Authorization types (Grant types))
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
<div style="float:right">__TOC__</div>
 
SoFurry uses OAuth 2.0 to provide authorized access to its API.
 
SoFurry uses OAuth 2.0 to provide authorized access to its API.
  
[[File:OAuth2_logo.png|200px|thumb|left]]
+
[[File:OAuth2_logo.png|200px]]
 +
 
 +
== Features ==
 +
*'''Secure:'''
 +
::Users are not required to share their passwords with 3rd party applications, increasing account security.
 +
*'''Standard:'''
 +
::A wealth of client libraries and example code are compatible with SoFurry's OAuth implementation.
 +
*'''Easy:'''
 +
::Using OAuth is easy for both users and developers. All a user has to do to grant access to a certain application is to click on the "Authorize" button on SoFurry when asked.
 +
 
 +
== Authorization types (Grant types) ==
 +
SoFurry supports multiple grant types:
 +
 
 +
*'''Authorization code'''
 +
*'''Client credentials'''
 +
*'''User credentials'''
 +
 
 +
Though, to provide better security, only the "Authorization code" and "Client credential" type can be used by 3rd-party developers.
 +
 
 +
Furthermore, SoFurry also supports refresh tokens.
 +
 
 +
 
 +
For a complete tutorial on how to connect to the SF API, look here: [[Tutorial: Connecting to the SoFurry API]]
 +
 
 +
== SoFurry and OAuth 2.0 ==
 +
The '''SoFurry OAuth endpoints''' can be reached under:
 +
 
 +
*'''Authorization endpoint''' (Auth server): https://www.sofurry.com/auth/authorize
 +
*'''Token endpoint''' (Auth server): https://www.sofurry.com/auth/token
 +
 
 +
The '''resource server URLs''' (for API v3) can be found here: [[:Category:REST API calls|SoFurry API calls]]
 +
 
 +
== Authorization code request flow ==
 +
[[File:OAuth Auth code flow.png]]
 +
 
 +
 
 +
== Client credentials request flow ==
 +
[[File:OAuth Client credentials flow.png]]

Latest revision as of 10:13, 6 March 2016

SoFurry uses OAuth 2.0 to provide authorized access to its API.

Error creating thumbnail: File missing

Features

  • Secure:
Users are not required to share their passwords with 3rd party applications, increasing account security.
  • Standard:
A wealth of client libraries and example code are compatible with SoFurry's OAuth implementation.
  • Easy:
Using OAuth is easy for both users and developers. All a user has to do to grant access to a certain application is to click on the "Authorize" button on SoFurry when asked.

Authorization types (Grant types)

SoFurry supports multiple grant types:

  • Authorization code
  • Client credentials
  • User credentials

Though, to provide better security, only the "Authorization code" and "Client credential" type can be used by 3rd-party developers.

Furthermore, SoFurry also supports refresh tokens.


For a complete tutorial on how to connect to the SF API, look here: Tutorial: Connecting to the SoFurry API

SoFurry and OAuth 2.0

The SoFurry OAuth endpoints can be reached under:

The resource server URLs (for API v3) can be found here: SoFurry API calls

Authorization code request flow

OAuth Auth code flow.png


Client credentials request flow

OAuth Client credentials flow.png