Class: MojioAuthSDK
| Defined in: | MojioAuthSDK.coffee |
| Inherits: | MojioModelSDK |
Overview
The authentication segment of the Mojio SDK. Authentication is accomplished through the use of a Mojio OAuth server. Consumer applications authenticate by redirecting to the OAuth server and waiting for a redirect back to the application's authentication return url. Once the authentication server has validated the user's credentials it passes back a token through the redirect url to the consumer application.
For server applications that have their own username and password within the Mojio API, the OAuth server provides a means to authenticate the server directly with its credentials in a single client-server request, without a browser redirect.
Examples:
mojioAuthSdk = new MojioSDK({sdk: MojioAuthSDK}) # instantiate the mojioSDK to do only authentication methods.
Instance Method Summary
- # (object) authorize(redirect_url, implicit = null) A method that authorizes access to a user's data.
- # (object) unauthorize(redirect_url, implicit = null) A method that un-authorizes access to a user's data, removing grants to data.
- # (object) token(redirect_url = null) A method that returns an authorization token after authorization has returned a code.
- # (object) parse(return_url) Second half of the authorization code flow, or parse of the return from the implicit flow.
- # (object) refresh(refresh_token) A method that refreshes an authorization token, gives it more active time.
- # (object) login() A method that specifies that when unauthorize is initiated, the user should be logged out of the application.
- # (object) consent() A method that specifies that when unauthorize is initiated, the application will no longer have access to the user's resources.
- # (object) loginAndConsent() A method that specifies that when unauthorize is initiated, the user should be logged out.
- # (object) prompt(prompt) A helper method to set the body of the REST uri for login and consent calls.
- # (object) scope(scopes) Set the scope of the authorization workflow.
- # (object) username(username) Set the username for a server side, resource owner 'password' authorization workflow.
- # (object) email(email) Set the email for a server side, resource owner 'password' authorization workflow.
- # (object) password(password) Set the password for a server side, resource owner 'password' authorization workflow.
- # (object) credentials(usernameOrEmail_or_credentials, password = null) This call is used to specify both username and password for an authorization workflow.
- # (object) with(usernameOrEmail_or_credentials, password = null) Synonym for the credentials() call.
- # (void) getToken()
Inherited Method Summary
Methods inherited from MojioModelSDK
#setup #setCriteria #users #vehicles #mojios #trips #apps #groups #permissions #images #tags #details #histories #states #locations #mock
Instance Method Details
# (object) authorize(redirect_url, implicit = null)
A method that authorizes access to a user's data. There are two ways to authorize users, depending on whether the application is designed to be used by a consumer, or it is designed as a server that users trust to act on their behalf. Generally, this divides into two camps: client applications for consumers, or server applications for enterprise use. For client applications, the user is redirected to Mojio's authorization server, which collects the user's password outside the application so that the user can give permission to, or revoke permission from, the application to use their data. For enterprise or server side applications, the user's password is known to the application and can be sent directly to the authorization server for verification. In both cases, the authorization server returns a token that is then used to access the user's data.
Examples:
to the authorization server within a browser and returns a token in a document.
app.get('/authCode', (req, res) ->
  # step 1 of authorization code workflow.
  sdk
    .authorize(redirect_uri)
    .scope(['full'])
    .redirect(res)
)
Browser based implicit flow authorization. Redirects the user to auth server.
sdk
  .authorize(redirect_uri)
  .scope(['full'])
  .redirect( { redirect: (url) -> window.location = url } )
# (object) unauthorize(redirect_url, implicit = null)
A method that un-authorizes access to a user's data, removing grants to data. The redirect_url is the address the OAuth page, retrieved as a result of the prompt specified (login, consent, or both), returns to when it completes.
Examples:
Log the user out, but keep permissions for this application
sdk.unauthorize("http://localhost:3000/callback").login().callback(...)
Log the user out, and deny permissions for this application
sdk.unauthorize("http://localhost:3000/callback").login().consent().callback(...)
# (object) token(redirect_url = null)
A method that returns an authorization token after authorization has returned a code. Used in combination with 'parse', 'refresh', and 'password' to complete an authorization workflow. Parse is used with the code and implicit flows: call authorize first, then after the redirect call token().parse(response). Password with token implements the 'password' authorization flow for server based authorization where the server is also the owner of the resources (the user account that will be accessing the vehicles, mojios, and trips for that user account and no one else). This would be token().password('username', 'password') and is done without a prior 'authorize' call. Refresh is used to refresh already active tokens, giving them an extended expiration timespan: token().refresh().
Examples:
Get the token after returning from a consumer application's redirect to the authorization server
sdk.token().parse(document.location.hash.match(/access_token=([0-9a-f-]{36})/))
Get the token after returning from an implicit flow
sdk.token().parse(response).callback(...)
Refresh the internal sdk stored token
sdk.token().refresh().callback(...)
Refresh an arbitrary token
sdk.token().refresh(some_token_object).callback(...)
# (object) parse(return_url)
Second half of the authorization code flow, or parse of the return from the implicit flow.
The authorization token returned from the authorization workflow is an object that has several fields, one of which is labeled "refresh_token". All of this is cached in the sdk, but you can pass a valid refresh token in, and a new token will be returned.
Examples:
Get the token after returning from a consumer application's redirect to the authorization server
sdk.token().parse(document.location.hash.match(/access_token=([0-9a-f-]{36})/))
Get the token after returning from an implicit flow
sdk.token().parse(response).callback(...)
# (object) refresh(refresh_token)
A method that refreshes an authorization token, giving it more active time. In practice a new token is returned when a refresh call is made.
The authorization token returned from the authorization workflow is an object that has several fields, one of which is labeled "refresh_token". All of this is cached in the sdk, but you can pass a valid refresh token in, and a new token will be returned.
Examples:
Get the token after returning from a consumer application's redirect to the authorization server
sdk.token("http://localhost:3000/callback").refresh().callback(...)
# (object) login()
A method that specifies that when unauthorize is initiated, the user should be logged out of the application. The application will still have permission to access the user's resources when they log in again with 'authorize'.
Examples:
Log the user out and do not deny permissions, go to the oauth2 login prompt
sdk.unauthorize("http://localhost:3000/callback").login().callback(...)
# (object) consent()
A method that specifies that when unauthorize is initiated, the application will no longer have access to the user's resources.
Examples:
Deny permissions and go to the oauth2 consent prompt.
sdk.unauthorize("http://localhost:3000/callback").loginAndConsent().callback(...)
# (object) loginAndConsent()
A method that specifies that when unauthorize is initiated, the user should be logged out. The application will also be denied permission to access the user's resources when they log in again with 'authorize' unless permission is given by the user again.
Examples:
sdk.unauthorize("http://localhost:3000/callback").loginAndConsent().callback(...)
# (object) prompt(prompt)
A helper method to set the body of the REST uri for login and consent calls. Can be used instead of the login, consent, or loginAndConsent calls.
Examples:
Set the unauthorize chain to 'login' and 'consent'
sdk.unauthorize("http://localhost:3000/callback").prompt({prompt: 'consent, login'}).callback(...)
sdk.unauthorize("http://localhost:3000/callback").prompt('consent, login').callback(...)
sdk.unauthorize("http://localhost:3000/callback").prompt(['consent', 'login']).callback(...)
sdk.unauthorize("http://localhost:3000/callback").prompt('login').callback(...)
# (object) scope(scopes)
Set the scope of the authorization workflow. The user will be asked for consent of the given 'scope' for the application to have access to their resources.
# (object) username(username)
Set the username for a server side, resource owner 'password' authorization workflow.
# (object) email(email)
Set the email for a server side, resource owner 'password' authorization workflow.
# (object) password(password)
Set the password for a server side, resource owner 'password' authorization workflow.
# (object) credentials(usernameOrEmail_or_credentials, password = null)
This call is used to specify both username and password for an authorization workflow. The first parameter is either a username or email string, with the password given as the second parameter, or an object. In the case of an object, it's both username and password given in the following format: {username: '', password: ''}
# (object) with(usernameOrEmail_or_credentials, password = null)
Synonym for the credentials() call. The first parameter is either a username or email string, with the password given as the second parameter, or an object. In the case of an object, it's both username and password given in the following format: {username: '', password: ''}
# (void) getToken()