Octoblu / Meshblu OAuth

Getting Started

OAuth allows your application to make authenticated requests on behalf of a user.

You will need to register your application with Octoblu to get started.

Example Server

Checkout octoblu/octoblu-oauth-server-example for a working example using Octoblu OAuth.

Register an Application

To register a new OAuth application with Octoblu, first you will create an OAuth device.

Visit the Things page to add a new Thing. Select OAuth Application.


Give your OAuth Application a name, this is for your reference and will not be shown to your users.


Fill in the properties. name and imageUrl will be shown to your users. callbackUrl must match the callback URL provided in the OAuth request.


You will need the UUID and Token for your application. Click Generate Token to get a new token.

The UUID will be your Client ID and Token is your Client Secret.


In order for a user to OAuth with your application, you must allow it to be discoverable by Everything.


OAuth Request

All Octoblu OAuth requests are made using https://oauth.octoblu.com/.


This endpoint takes the user to app.octoblu.com to authorize your app and redirects back with either a 'code' or 'token'.

client_idstringThe Client ID (UUID) you received when you created your application
redirect_uristringThe callbackUrl you entered when you created your application
response_typestringcode or token

Note: Returns base64 'code' or 'access_token'


Octoblu will redirect back to your application with a temporary code. Use this to exchange for a token.

client_idstringRequired. The Client ID (UUID) you received when you created your application.
client_secretstringRequired. The Client Secret (Token) you received when you created your application.
codestringThe code you received from Octoblu
redirect_uristringThe callbackUrl you entered when you created your application
grant_typestringRequired. Supports authorization_code, client_credentials, or refresh_token



Using the token

curl -H "Authorization: bearer e72e16c7e42f292c6912e7710c838347ae17=" -H "Content-Type: application/json" https://meshblu.octoblu.com/v2/whoami

Redirect URIs

The redirect_uri parameter is required. The redirect URL’s host and port must exactly match the callback URL. The redirect URL’s path must reference a subdirectory of the callback URL.

callbackUri: http://example.com/some/path

GOOD: http://example.com/some/path
GOOD: http://example.com/some/path/subdir/other
BAD:  http://example.com/path
BAD:  http://example.com/some
BAD:  http://example.com/
BAD:  http://example.com:8080/some/path
BAD:  http://oauth.example.com:8080/some/path
BAD:  http://example.org