Protocols/WebAPI/Single Sign On to Web Pages: Difference between revisions

From NINA Wiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
{{Protocols/WebAPI}}
{{Protocols/WebAPI}}


Many AIM web pages require authentication before they will display protected content. Since the user has already authenticated to use the AIM client, we offer a service that allows the authentication to be transfered from the client to the web page. The API requires an URL be formed using the credentials from clientLogin and the destination URL and then signed. Full documentation can be found at [[Protocols/WebAPI/Auth/Client/client2web|client2web]] site.


Here is a complete example of the single sign on process:
== Step #1 - Form the client2Web URL ==
Just like startOSCARSession for authentication, client2Web needs an OAuth style URL signing which is described along with [[Protocols/WebAPI/Auth/Client|clientLogin]]. ''URL signing requires the computers clock to be accurate or the use of hostTime returned by clientLogin, parameters are in [http://oauth.net/core/1.0/#sig_norm_param alphabetical order], and [http://oauth.net/core/1.0/#encoding_parameters percent-encoding] uses upper case characters.''
; [KEY]
: Client key used with clientLogin - for this API the parameter is called devId instead of k
; [TOKEN]
: URI encoded token extracted from clientLogin
; [DESTURL]
: URI encoded destination URL to redirect to after establishing web authentication session
; [TIME]
: The current time in seconds since UNIX EPOCH
<pre>
$uri = "http://my.screenname.nina.bz/_cqr/login/login.psp";
$queryString = "a=[TOKEN]&destURL;=[DESTURL]&devId;=[KEY]&entryType;=client2Web&ts;=[TIME]";
$hashData= "GET&" . uri_encode($uri) . "&" . uri_encode($queryString);
$digest = hmac_sha256_base64($hashData, $sessionKey);
$url = $uri . "?" . $queryString . "&sig;_sha256=$digest";
</pre>
== Step #2 - Launch a Browser ==
Using the URL from step one, launch the user's preferred browser with the URL. It is as simple as that.


[[Category:Stub]]
[[Category:Stub]]

Revision as of 11:30, 26 March 2020

WebAPI Protocol
Basic
Introduction
Clients
Whimsicals
Host Interaction
Flow
Authentication
Client
WebApp
Other Services
Foodgroups

Many AIM web pages require authentication before they will display protected content. Since the user has already authenticated to use the AIM client, we offer a service that allows the authentication to be transfered from the client to the web page. The API requires an URL be formed using the credentials from clientLogin and the destination URL and then signed. Full documentation can be found at client2web site.

Here is a complete example of the single sign on process:

Step #1 - Form the client2Web URL

Just like startOSCARSession for authentication, client2Web needs an OAuth style URL signing which is described along with clientLogin. URL signing requires the computers clock to be accurate or the use of hostTime returned by clientLogin, parameters are in alphabetical order, and percent-encoding uses upper case characters.

[KEY]
Client key used with clientLogin - for this API the parameter is called devId instead of k
[TOKEN]
URI encoded token extracted from clientLogin
[DESTURL]
URI encoded destination URL to redirect to after establishing web authentication session
[TIME]
The current time in seconds since UNIX EPOCH
$uri = "http://my.screenname.nina.bz/_cqr/login/login.psp";
$queryString = "a=[TOKEN]&destURL;=[DESTURL]&devId;=[KEY]&entryType;=client2Web&ts;=[TIME]";
$hashData= "GET&" . uri_encode($uri) . "&" . uri_encode($queryString);
$digest = hmac_sha256_base64($hashData, $sessionKey);
$url = $uri . "?" . $queryString . "&sig;_sha256=$digest";

Step #2 - Launch a Browser

Using the URL from step one, launch the user's preferred browser with the URL. It is as simple as that.