GETTING STARTED OAUTH 2.0

OAuth2 allows a space administrator to securely give 3rd party applications access to the information contained within their space.

This is similar to how some cars let you issue a special key to a 3rd party (e.g. a car service agent) that allows them to start the car, but not open the boot.

It is a natural extension of the mydigitalstructure Other User Access functionality. The difference is that, rather than you having to generate the access rights and associated token, the 3rd party application can initiate the process and, once you have authenticated, have the access token securely returned to it for storage and future use.

During this process you can confirm what they have access to – with the understanding that you can disable the access at any time.

About OAuth2.0


EXAMPLE

Allowing a specialist eNews website to access your contacts data.

Assumptions:
The eNews website has set up access to the mydigitalstructure platform i.e. it is itself a user so it can authenticate itself onto the platform.

Example Steps as User:

1 Sign up to the eNews website
2 Select “Get data from mydigitalstructure.com” – which goes to /oauth2 page.
3 A logon page will then be shown, if not already logged on.
4 After successful logon, a confirmation page will be shown with the access permissions that the application is requesting
5 Click Allow or Deny.
6 The eNews website application now has access to the information it needs.


DEVELOPING


This section covers developing an application that accesses a mydigitalstructure space or, in more general terms, the “business graph”.

As a developer (assuming you have signed up and have a user id):

Step 1:

You need to register the redirect URI that the user is sent to after they allow or deny access, using:

/ondemand/setup/?method=SETUP_OAUTH2_URI_MANAGE&uri=[your uri]

You will be returned the client_id parameter, which you need to store for later use.

Step 2:

Work out the scope of the access you need, e.g. the method calls you want to be able to make.

&scope=endpoint_contact,endpoint_news

Scope options:

endpoint_contact
endpoint_project
endpoint_financial
endpoint_document
endpoint_news
endpoint_event
endpoint_opportunity


You can also pass &state= which will be passed back when redirected to your registered URL.

Step 3:

Direct the user from your site to /oauth2/?client_id=[your clientid]&scope=[your scope]&state=[optional state information] – the user then logs on and can see the scope of your request.

Step 4:

If the user accepts your request, a redirect is sent to your specified URL with &code= appended.

Step 5:

Authenticate with your credentials and the code for final authorisation using:

/ondemand/core/?method=CORE_OAUTH2_MANAGE&code=[your code]

A token will then be returned to you, as &access_token=, that you can store and use to access the user's space.
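The redirect steps above, sketched as the 3rd party application would implement them. This is an added example, not mydigitalstructure's own code; it uses the optional state parameter as an unguessable per-request value and checks it when the user is redirected back. Assumptions: the host name is a placeholder, the function names are hypothetical, and a redirect that carries no code is treated as a Deny.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: placeholder host; the page gives only relative paths.
BASE_URL = "https://platform.example"

# Scope options listed on this page.
ALLOWED_SCOPES = {
    "endpoint_contact", "endpoint_project", "endpoint_financial",
    "endpoint_document", "endpoint_news", "endpoint_event",
    "endpoint_opportunity",
}


def build_authorise_url(client_id, scopes, base_url=BASE_URL):
    """Return (url, state) for sending the user to /oauth2/."""
    unknown = set(scopes) - ALLOWED_SCOPES
    if not scopes or unknown:
        raise ValueError(f"unsupported scope request: {sorted(unknown)}")
    # Unguessable per-request value; store it in the user's session.
    state = secrets.token_urlsafe(32)
    query = urlencode(
        {"client_id": client_id, "scope": ",".join(scopes), "state": state},
        safe=",",  # keep the comma-separated scope form shown on the page
    )
    return f"{base_url}/oauth2/?{query}", state


def handle_redirect(callback_url, expected_state):
    """Return the code, or None if no single code came back (treated as Deny)."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the redirect does not
    # belong to a request this session started.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: discard this redirect")
    codes = params.get("code", [])
    return codes[0] if len(codes) == 1 else None


def build_exchange_url(code, base_url=BASE_URL):
    """URL for the final call; sending your credentials is not shown."""
    query = urlencode({"method": "CORE_OAUTH2_MANAGE", "code": code})
    return f"{base_url}/ondemand/core/?{query}"
```

Request only the scopes the application actually uses, and keep the returned access token in server-side storage rather than in the browser.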

 

 

 
BUSINESS GRAPH

Graph theory is the theory of links and nodes and how they interconnect, so a “graph” represents these links. On facebook.com, the links to your friends represent your social graph.

The links between contacts, invoices etc. are an organisation's “business graph”.

Some reading...

 

OPEN GRAPH

The Open Graph protocol enables any web page to become a rich object in a social graph.

Some reading...