|
|
| (2 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| | {{Protocols/WebAPI}} | | {{Protocols/WebAPI}} |
| − |
| |
| − | Desktop clients usually want to authenticate users and obtain security tokens that they can use to access other Services on behalf of the users. A typical example is an desktop instant messaging client trying to authenticate a user and connect to the user's Instant messaging service to send and receive messages.
| |
| − |
| |
| − | NINA OpenAuth APIs provide a new method called "clientLogin", to allow clients to authenticate NINA/AIM/ICQ users securely and obtain an authentication token that can be used to access NINA Open Services like [[Protocols/WebAPI/Clients#WebAIM|WebAIM]].
| |
| − |
| |
| − | As illustrated in the diagram below, this can be done using NINA OpenAuth Service in 2 steps - authenticate the user using the "clientLogin" request and then make a Service Request on behalf of the user using the security token obtained from the "clientLogin" request.
| |
| − |
| |
| − | [[File:WebAPI_Auth_Clients.png]]
| |
| − |
| |
| − | Building a Desktop Client using "clientLogin" method involves implementing the following three easy steps:
| |
| − |
| |
| − | # Use "clientLogin" to verify user login credentials and obtain token & session Secret.
| |
| − | # Using the user's password (collected as part of step 1) as key, generate a hmac_sha256 of the session secret and base64 encode it - we call it SessionKey
| |
| − | #* Session Key = base64_encode[HMAC-SHA256(key, data)] where key is the user's password and data is the session secret obtained from clientLogin response.
| |
| − | #* Please make sure the Session Key string value (base64 encoded value) is properly padded with '=' sign.
| |
| − | #* '''Example:''' if a user's password is "test" and the session secret from OpenAuth 'clientLogin' response is "Olpq7NboSbO0gxym", then the Session Key would be base64_encode[HMAC-SHA256("test", "Olpq7NboSbO0gxym")] = "pgBumyiK1xwvjLjcDLRCW7/LySPp+DUXQ3PpDU3c84w="
| |
| − | # Using the Session Key sign all the Open Services requests (the only services that supports clientLogin tokens at this point are WIM and OpenMail).
| |
| − |
| |
| | | | |
| | | | |
| Line 24: |
Line 6: |
| | [[Category:AIM]] | | [[Category:AIM]] |
| | [[Category:Protocols/WebAPI]] | | [[Category:Protocols/WebAPI]] |
| | + | [[Category:Protocols/WebAPI/Auth]] |
| | + | [[Category:Protocols/WebAPI/Auth/Client]] |
| | [[Category:Work_In_Progress]] | | [[Category:Work_In_Progress]] |
