Octoblu / Meshblu OAuth
Getting Started
OAuth allows your application to make authenticated requests on behalf of a user.
You will need to register your application with Octoblu to get started.
Example Server
Checkout octoblu/octoblu-oauth-server-example for a working example using Octoblu OAuth.
Register an Application
To register a new OAuth application with Octoblu, first you will create an OAuth device.
Visit the Things page to add a new Thing. Select OAuth Application
.
![Screenshot 2015-07-27 11.59.32.png 2432](https://files.readme.io/qzMOjpjPT22RuhgkG3Ie_Screenshot%202015-07-27%2011.59.32.png)
Give your OAuth Application a name, this is for your reference and will not be shown to your users.
![Screenshot 2015-07-27 12.00.42.png 2426](https://files.readme.io/hTCefcv7QPGR2MwnPVcP_Screenshot%202015-07-27%2012.00.42.png)
Fill in the properties. name
and imageUrl
will be shown to your users. callbackUrl
must match the callback URL provided in the OAuth request.
![Screenshot 2015-07-27 12.02.07.png 2422](https://files.readme.io/NAFbFsTpQXOQmuRQqEYV_Screenshot%202015-07-27%2012.02.07.png)
You will need the UUID and Token for your application. Click Generate Token
to get a new token.
The UUID
will be your Client ID
and Token
is your Client Secret
.
![Screenshot 2015-07-27 12.02.37.png 2424](https://files.readme.io/K5bcJnG9TwWI8ZihYDGP_Screenshot%202015-07-27%2012.02.37.png)
In order for a user to OAuth with your application, you must allow it to be discoverable by Everything.
![Screenshot 2015-07-27 12.02.20.png 2428](https://files.readme.io/ohLDEkBnSW2UsOasAaZ8_Screenshot%202015-07-27%2012.02.20.png)
OAuth Request
All Octoblu OAuth requests are made using https://oauth.octoblu.com/
.
/authorize
This endpoint takes the user to app.octoblu.com to authorize your app and redirects back with either a 'code' or 'token'.
Name | Type | Description |
---|---|---|
client_id | string | The Client ID (UUID ) you received when you created your application |
redirect_uri | string | The callbackUrl you entered when you created your application |
response_type | string | code or token Note: Returns base64 'code' or 'access_token' |
/access_token
Octoblu will redirect back to your application with a temporary code
. Use this to exchange for a token.
Name | Type | Description |
---|---|---|
client_id | string | Required. The Client ID (UUID ) you received when you created your application. |
client_secret | string | Required. The Client Secret (Token ) you received when you created your application. |
code | string | The code you received from Octoblu |
redirect_uri | string | The callbackUrl you entered when you created your application |
grant_type | string | Required. Supports authorization_code , client_credentials , or refresh_token |
Response
access_token=e72e16c7e42f292c6912e7710c838347ae17=
Using the token
curl -H "Authorization: bearer e72e16c7e42f292c6912e7710c838347ae17=" -H "Content-Type: application/json" https://meshblu.octoblu.com/v2/whoami
Redirect URIs
The redirect_uri parameter is required. The redirect URL’s host and port must exactly match the callback URL. The redirect URL’s path must reference a subdirectory of the callback URL.
callbackUri: http://example.com/some/path
GOOD: http://example.com/some/path
GOOD: http://example.com/some/path/subdir/other
BAD: http://example.com/path
BAD: http://example.com/some
BAD: http://example.com/
BAD: http://example.com:8080/some/path
BAD: http://oauth.example.com:8080/some/path
BAD: http://example.org