/tg/ OAuth2.0 User API Documentation

MrStonedOne
Host
Joined: Mon Apr 14, 2014 10:56 pm
Byond Username: MrStonedOne
Github Username: MrStonedOne

/tg/ OAuth2.0 User API Documentation

Post by MrStonedOne » #617798

This is early stages. OAuth application registration requires a manual process only I can do; a self-serve system may or may not get coded at some later point in time.

Basic details: (for people who know how to use OAuth APIs)

Code:

Auth endpoint: https://tgstation13.org/phpBB/app.php/tgapi/oauth/auth
Token endpoint: https://tgstation13.org/phpBB/app.php/tgapi/oauth/token
User endpoint: https://tgstation13.org/phpBB/app.php/tgapi/user/me
(Warning: per the OAuth2 spec, attempting to double-spend the initial authorization code grant invalidates the entire authorization grant and all tokens/refresh tokens issued by it. As an additional security matter, the same applies to refresh tokens.)
  • Token format: bearer (length between 40 and 50 characters currently, never more than 255 in the future, but even 128 would be stretching it)
  • Token TTL: app defined.
  • Token endpoint supports url-form-encoded and json encoded POST bodies.
  • Token endpoint does NOT support authorization header client authentication (pass it in as client_id and client_secret via the post body or json body)
  • Refresh tokens: Supported, Single use rotating refresh tokens.
  • Redirect_uris must be pre-registered and must exactly match. If provided to any of the OAuth endpoints, it will be validated against the registered redirect URI, but is optional.
Scopes:
► Show Spoiler

For more info on how to interface with OAuth2 APIs, see this page: https://aaronparecki.com/oauth-2-simplified

User endpoint:

https://tgstation13.org/phpBB/app.php/tgapi/user/me

Only bearer token authorization is supported. (see here for more details)

Response(json):
► Show Spoiler
Group type:
► Show Spoiler
Forum/Wiki Administrator, Server host, Database King, Master Coder
MrStonedOne on digg(banned), Steam, IRC, Skype Discord. (!vAKvpFcksg)
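
Added example (not part of the original post and not /tg/ code): because refresh tokens are single use and a double spend invalidates the whole grant, a client has to serialize its refreshes and swap in the rotated token before any other caller can send the old one. The Python below does that; the `post` transport, `FakeTokenServer`, and the RFC 6749 response fields (`access_token`, `refresh_token`, `expires_in`, `error`) are assumptions, since the post does not show the token response.

```python
import threading, time
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlencode, parse_qsl
TOKEN_URL = "https://tgstation13.org/phpBB/app.php/tgapi/oauth/token"

class RotatingTokenClient:
    """Never sends a refresh token twice; client credentials go in the POST body."""
    def __init__(self, client_id, client_secret, refresh_token, post):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._refresh, self._post = refresh_token, post  # post(url, body) -> dict
        self._access, self._expires = None, 0.0
        self._lock = threading.Lock()

    def access_token(self, now=time.time):
        with self._lock:  # one refresh in flight; waiting callers reuse its result
            if self._access and now() < self._expires - 30:
                return self._access
            if self._refresh is None:
                raise PermissionError("grant revoked; user must re-authorize")
            form = {"grant_type": "refresh_token", "refresh_token": self._refresh}
            resp = self._post(TOKEN_URL, urlencode({**form, **self._creds}))
            if "error" in resp:  # drop state; never retry with the same token
                self._access = self._refresh = None
                raise PermissionError(resp["error"])
            self._access, self._refresh = resp["access_token"], resp["refresh_token"]
            self._expires = now() + resp.get("expires_in", 0)
            return self._access

class FakeTokenServer:
    """Constructed stand-in: rotates refresh tokens, revokes the grant on reuse."""
    def __init__(self, first):
        self.live, self.spent, self.revoked = first, set(), False
    def post(self, url, body):
        time.sleep(0.01)  # keep the request in flight so callers really overlap
        rt = dict(parse_qsl(body))["refresh_token"]
        self.revoked |= rt in self.spent  # double spend kills the whole grant
        if self.revoked or rt != self.live:
            return {"error": "invalid_grant"}
        self.spent.add(rt)
        n = len(self.spent)
        self.live = f"rt-{n}"
        return {"access_token": f"at-{n}", "refresh_token": self.live, "expires_in": 3600}

def concurrent_refresh(workers=8):
    server = FakeTokenServer("rt-0")  # constructed sample tokens, not real ones
    client = RotatingTokenClient("app", "secret", "rt-0", server.post)
    with ThreadPoolExecutor(workers) as pool:
        got = list(pool.map(lambda _: client.access_token(), range(workers)))
    return server, client, got
```

In a real deployment the rotated refresh token also has to be written to durable storage inside the same critical section, and the lock has to cover every process that shares the grant.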
bobbahbrown
Joined: Mon Nov 10, 2014 1:04 am
Byond Username: Bobbahbrown
Location: canada

Re: /tg/ OAuth2.0 User API Documentation

Post by bobbahbrown » #617965

for those who might be interested in using this in an ASP.NET 5.0 (or greater) project, i have created an easy-to-use oauth handler for /tg/station. you can find it on nuget at Tgstation.Auth, or alternatively on GitHub here.

once you get a client ID registered with MSO, it is as simple as adding a dependency on that package and using the extension methods like in the following example...

Code:

// Cookies hold the local session; unauthenticated requests are
// challenged through the /tg/ OAuth handler.
services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = TgDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddTgstation(options =>
    {
        // Client ID and secret are read from configuration, not hard-coded.
        var tgAuthSection = Configuration.GetSection("Authentication:Tgstation");
        options.ClientId = tgAuthSection["ClientId"];
        options.ClientSecret = tgAuthSection["ClientSecret"];
        // Scopes requested from the /tg/ OAuth provider.
        options.Scope.Add("user.details");
        options.Scope.Add("user.groups");
    });

best wishes,
bobbah 'bee' brown