Protocols/WebAPI/Single Sign On to Web Pages: Difference between revisions
m (AD moved page Protocols/OSCAR/Sign On/Single Sign On to Web Pages to Protocols/WebAPI/Single Sign On to Web Pages: Changed URL structure) |
No edit summary |
Line 1: | Line 1: | ||
{{Protocols/WebAPI}} | {{Protocols/WebAPI}} | ||
Many AIM web pages require authentication before they will display protected content. Since the user has already authenticated to use the AIM client, we offer a service that allows the authentication to be transfered from the client to the web page. The API requires an URL be formed using the credentials from clientLogin and the destination URL and then signed. Full documentation can be found at [[Protocols/WebAPI/Auth/Client/client2web|client2web]] site. | |||
Here is a complete example of the single sign on process: | |||
== Step #1 - Form the client2Web URL == | |||
Just like startOSCARSession for authentication, client2Web needs an OAuth style URL signing which is described along with [[Protocols/WebAPI/Auth/Client|clientLogin]]. ''URL signing requires the computers clock to be accurate or the use of hostTime returned by clientLogin, parameters are in [http://oauth.net/core/1.0/#sig_norm_param alphabetical order], and [http://oauth.net/core/1.0/#encoding_parameters percent-encoding] uses upper case characters.'' | |||
; [KEY] | |||
: Client key used with clientLogin - for this API the parameter is called devId instead of k | |||
; [TOKEN] | |||
: URI encoded token extracted from clientLogin | |||
; [DESTURL] | |||
: URI encoded destination URL to redirect to after establishing web authentication session | |||
; [TIME] | |||
: The current time in seconds since UNIX EPOCH | |||
<pre> | |||
$uri = "http://my.screenname.nina.bz/_cqr/login/login.psp"; | |||
$queryString = "a=[TOKEN]&destURL;=[DESTURL]&devId;=[KEY]&entryType;=client2Web&ts;=[TIME]"; | |||
$hashData= "GET&" . uri_encode($uri) . "&" . uri_encode($queryString); | |||
$digest = hmac_sha256_base64($hashData, $sessionKey); | |||
$url = $uri . "?" . $queryString . "&sig;_sha256=$digest"; | |||
</pre> | |||
== Step #2 - Launch a Browser == | |||
Using the URL from step one, launch the user's preferred browser with the URL. It is as simple as that. | |||
[[Category:Stub]] | [[Category:Stub]] |
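Review bot: In the `<pre>` example, `$uri` is an `http://` address and the clientLogin token travels as `a=[TOKEN]` in the query string, so the token and the signed URL are exposed in transit and end up in browser history and server logs once Step #2 launches the browser; the text should say so, and the example should use an `https://` endpoint if the service offers one. The last line of the example also appends `$digest` without `uri_encode`, although Base64 output can contain `+`, `/` and `=`; please state whether the signature must be percent-encoded. Minor: "transfered" should be "transferred" and "an URL" should be "a URL".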
Revision as of 11:30, 26 March 2020
Many AIM web pages require authentication before they will display protected content. Since the user has already authenticated to use the AIM client, we offer a service that allows the authentication to be transferred from the client to the web page. The API requires a URL to be formed using the credentials from clientLogin and the destination URL, and then signed. Full documentation can be found at the client2web site.
Here is a complete example of the single sign on process:
Step #1 - Form the client2Web URL
Just like startOSCARSession for authentication, client2Web needs OAuth-style URL signing, which is described along with clientLogin. URL signing requires the computer's clock to be accurate (or the use of hostTime returned by clientLogin), the parameters to be in alphabetical order, and percent-encoding to use upper-case characters.
- [KEY]: Client key used with clientLogin; for this API the parameter is called devId instead of k
- [TOKEN]: URI encoded token extracted from clientLogin
- [DESTURL]: URI encoded destination URL to redirect to after establishing web authentication session
- [TIME]: The current time in seconds since UNIX EPOCH
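<pre>
# uri_encode() and hmac_sha256_base64() are helper routines that are not shown here.
$uri = "http://my.screenname.nina.bz/_cqr/login/login.psp";
# Parameters in alphabetical order; [TOKEN] and [DESTURL] are already URI encoded.
$queryString = "a=[TOKEN]&destURL=[DESTURL]&devId=[KEY]&entryType=client2Web&ts=[TIME]";
# Signature base string: method, encoded URI and encoded query string joined by "&".
$hashData = "GET&" . uri_encode($uri) . "&" . uri_encode($queryString);
$digest = hmac_sha256_base64($hashData, $sessionKey);
$url = $uri . "?" . $queryString . "&sig_sha256=$digest";
</pre>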
Step #2 - Launch a Browser
Using the URL from step one, launch the user's preferred browser with the URL. It is as simple as that.
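The signing procedure from Step #1, written out as an added Python example (it is not code from the original page or from the AIM service); it takes raw, not yet encoded values and also shows deriving ts from hostTime. The function names, the sample values and the use of padded Base64 are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

LOGIN_URI = "http://my.screenname.nina.bz/_cqr/login/login.psp"  # endpoint from the page


def uri_encode(value: str) -> str:
    # Encode everything except RFC 3986 unreserved characters; urllib emits
    # upper-case hex digits, which the signing rules require.
    return quote(value, safe="-._~")


def signing_time(host_time: int, local_at_login: int, local_now: int) -> int:
    # ts derived from clientLogin's hostTime plus locally elapsed seconds,
    # so a wrong wall clock on the client does not invalidate the signature.
    return host_time + (local_now - local_at_login)


def build_query(token: str, dest_url: str, dev_id: str, ts: int) -> str:
    # Inputs are raw values (assumption); each is percent-encoded exactly once
    # and the pairs are emitted in alphabetical order of parameter name.
    params = {"a": token, "destURL": dest_url, "devId": dev_id,
              "entryType": "client2Web", "ts": str(ts)}
    return "&".join(f"{k}={uri_encode(v)}" for k, v in sorted(params.items()))


def base_string(query: str) -> str:
    # Method, encoded URI and encoded query string joined by "&". The query is
    # encoded as a whole, so "%" from the first pass becomes "%25".
    return "GET&" + uri_encode(LOGIN_URI) + "&" + uri_encode(query)


def sign_client2web(token, dest_url, dev_id, session_key, ts) -> str:
    query = build_query(token, dest_url, dev_id, ts)
    mac = hmac.new(session_key.encode(), base_string(query).encode(), hashlib.sha256)
    # Standard padded Base64 (assumption), appended as-is like the page's snippet.
    digest = base64.b64encode(mac.digest()).decode()
    return f"{LOGIN_URI}?{query}&sig_sha256={digest}"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ts = signing_time(host_time=1585222200, local_at_login=1585222190, local_now=1585222250)
    print(sign_client2web("tok/1+x", "http://example.test/inbox", "KEY123", "constructed-key", ts))
```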