Protocols/WebAPI/Single Sign On to Web Pages
WebAPI Protocol |
Basic |
Introduction |
Clients |
Whimsicals |
Host Interaction |
Flow |
Authentication |
• Client |
• WebApp |
Other Services |
• |
Foodgroups |
Many AIM web pages require authentication before they will display protected content. Since the user has already authenticated to use the AIM client, we offer a service that allows the authentication to be transfered from the client to the web page. The API requires an URL be formed using the credentials from clientLogin and the destination URL and then signed. Full documentation can be found at client2web site.
Here is a complete example of the single sign on process:
Step #1 - Form the client2Web URL
Just like startOSCARSession for authentication, client2Web needs an OAuth style URL signing which is described along with clientLogin. URL signing requires the computers clock to be accurate or the use of hostTime returned by clientLogin, parameters are in alphabetical order, and percent-encoding uses upper case characters.
- [KEY]
- Client key used with clientLogin - for this API the parameter is called devId instead of k
- [TOKEN]
- URI encoded token extracted from clientLogin
- [DESTURL]
- URI encoded destination URL to redirect to after establishing web authentication session
- [TIME]
- The current time in seconds since UNIX EPOCH
$uri = "http://my.screenname.nina.bz/_cqr/login/login.psp"; $queryString = "a=[TOKEN]&destURL;=[DESTURL]&devId;=[KEY]&entryType;=client2Web&ts;=[TIME]"; $hashData= "GET&" . uri_encode($uri) . "&" . uri_encode($queryString); $digest = hmac_sha256_base64($hashData, $sessionKey); $url = $uri . "?" . $queryString . "&sig;_sha256=$digest";
Step #2 - Launch a Browser
Using the URL from step one, launch the user's preferred browser with the URL. It is as simple as that.