OAuth 2 is an authorization framework that enables applications — such as Big6 for example — to obtain limited access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts a user account and authorizing third-party applications to access that user account. OAuth 2 provides authorization flows for web and desktop applications, as well as mobile devices.
OAuth defines four roles:
- Resource Owner: The resource owner is the user who authorizes an application to access their account. The application’s access to the user’s account is limited to the scope of the authorization granted (e.g. read or write access)
- Client: The client is the application that wants to access the user’s account. Before it may do so, it must be authorized by the user, and the authorization must be validated by the API.
- Resource Server: The resource server hosts the protected user accounts.
- Authorization Server: The authorization server verifies the identity of the user then issues access tokens to the application.
Here is a flowchart of the information flow between the above parties
Here is a more detailed explanation of the steps in the diagram:
- The application requests authorization to access service resources from the user
- If the user authorized the request, the application receives an authorization grant
- The application requests an access token from the authorization server (API) by presenting authentication of its own identity, and the authorization grant
- If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.
- The application requests the resource from the resource server (API) and presents the access token for authentication
- If the access token is valid, the resource server (API) serves the resource to the application
Big6 oAuth2 Examples
Examples are based on Discord services. Discord is a popular messaging, media and social networking platform. Start with creating your own free account on discord https://discord.com
Example 1 – simplified. See below for more detailed example where you can generate your own values of the oAuth2 fields.
In this example we have done the preliminary work and all that left for you is to plug-in the information below in your Big6 HTTP Profile and create and run the HS4 event to see the result.
Here is the information you need to plug-in in your Big6 HTTP profile
Client ID: 911339647131611137
Client secret: sz4T59hSuQ3SXEGaT3CdI5DHlNXHSdTv
Authorize URL: https://discord.com/api/oauth2/authorize
Token URL: https://discord.com/api/oauth2/token
Redirect URL: http://xxxxxxxxxxxxxxxx/Big6/oauth2_callback.html, where xxxxxx is the IP address of your HS4 server where Big6 resides
Device name expression: “email”
Device value expression: JSON(input,”email”)
Press the button “REQUEST AUTHORIZATION” and a Discord web page should open allowing you to log-in with your Discord credentials and issue authorization for Big6 to access your private data, which for this example is your e-mail address.
Now that you are authorized to retrieve data from Discord let’s create HS4 event to get the data in HS4
Create HS4 event and choose Big6 HTTP action.
Select your Discord profile as a target of your action.
The content of the message should be this.
Run your event and Big6 will create a device for you in HS4 with name “email” and string (a.k.a. Status in HS4) “your e-mail address”
Example2 – detailed
In this example we will use Discord again, however we will show you how to obtain your own oAuth2 elements, that were provided ready made for you in Example 1.
Go to https://discord.com/developers/applications and select “New application” and give it any name (not Big6 please as it is taken). Click on your new application and look in the left pane of the new window that Discord will open for you. Select oAuth2 from this left pane. Now you see the information about your own
Copy them both and enter into your Big6 HTTP profile ( oAuth2 section)
While at Big6 HTTP profile (oAuth2 section) please copy the Redirect URL that should be preconfigured automatically by Big6 to http://xxxxxxxxxxx/Big5HS4/oauth2_callback.html If it is not pre-configured than set it at this address replacing xxxxxxxxx with your own IP address of your HS4 machine
Please copy the Redirect URL from the HTTP Big6 oAuth2 profile to the provided space at Discord page with your app’s oAuth2 info
In order to fill the box “scopes” in Big6 HTTP oAuth2 profile you need to select the scopes from the available scopes provided by Discord here
Separate the scopes by a space. We recommend using this for beginners
but you can play with other available scopes as well. Please note that they are case sensitive.
Press “REQUEST AUTHORISATION” button in your Big6 HTTP oAuth2 profile and provide the requested authorization at the Discord page that pops up. Proceed further as in Example 1.