OAuth Supporting Methods
OAuth allows you to share private resources stored on one site with another site without having to furnish your username and password. The OAuth 2.0 specification (draft; see http://tools.ietf.org/html/draft-ietf-oauth-v2-16) defines several ways of obtaining an access token, which the client application uses to access resources on behalf of the end-user. Several of these flows require that service providers (or their authorization servers) respond to client calls directly. To support this requirement, Mashery provides an API that service providers can use to implement these flows.
The goal of this API is to simplify the provider's OAuth 2.0 implementation while allowing for maximum flexibility. In most cases, the provider passes the arguments as they are received from the client. Mashery then:
- Detects the OAuth 2.0 flow based on the supplied arguments
- Validates that the flow is supported by the related service definition
- Validates all arguments with respect to the flow
In some cases, the provider needs to extract some of the arguments in a protocol-specific manner. For instance, client credentials might be supplied by the client in the form of HTTP Basic Authentication (i.e., the Authorization header).
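The extraction step described above, as an added example (not Mashery's code): it pulls client credentials from an HTTP Basic Authorization header or the request body and groups the remaining arguments by the field names of the Client, URI and Token_Data objects listed under Types. The function names, the `client`/`token_data`/`uri` dictionary keys, the header dictionary shape and the sample request are assumptions made for illustration.

```python
import base64

# Field names taken from the URI and Token_Data tables on this page.
TOKEN_FIELDS = ("grant_type", "scope", "code", "response_type", "refresh_token")
URI_FIELDS = ("redirect_uri", "state")

# Constructed sample request (not real credentials).
SAMPLE_HEADERS = {"Authorization": "Basic " + base64.b64encode(b"abc123:s3:cret").decode()}
SAMPLE_PARAMS = {"grant_type": "authorization_code", "code": "xyz",
                 "redirect_uri": "https://client.example/cb"}


def parse_basic(header):
    """Return (client_id, client_secret) from a Basic header, None for other schemes."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, bad padding and bad UTF-8
        raise ValueError("malformed Basic credentials") from None
    client_id, sep, secret = decoded.partition(":")  # the secret may contain ':'
    if not sep or not client_id:
        raise ValueError("malformed Basic credentials")
    return client_id, secret


def build_objects(headers, params):
    """Group a client's request arguments into the documented object shapes."""
    auth = headers.get("Authorization")  # assumes header names are already normalized
    basic = parse_basic(auth) if auth else None
    if basic and "client_secret" in params:
        # Credentials sent twice: refuse rather than silently pick one.
        raise ValueError("client used more than one authentication method")
    if basic and params.get("client_id", basic[0]) != basic[0]:
        raise ValueError("client_id in body does not match Authorization header")
    client = {"client_id": basic[0] if basic else params.get("client_id")}
    if not client["client_id"]:
        raise ValueError("missing client_id")
    secret = basic[1] if basic else params.get("client_secret")
    if secret is not None:
        client["client_secret"] = secret
    return {
        "client": client,
        "token_data": {k: params[k] for k in TOKEN_FIELDS if k in params},
        "uri": {k: params[k] for k in URI_FIELDS if k in params},
    }
```

Rejecting a request that carries credentials in both the header and the body keeps the provider from forwarding a client_id that was never authenticated alongside a secret that was.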
Underlying Protocol
The Mashery API uses JSON-RPC as the underlying API protocol. See http://support.mashery.com/docs/read/mashery_api/20/JSON_RPC.
Types
Client Object
Parameters
Parameter | Type | Description |
client_id | string | The API key of the developer whose application is requesting access |
client_secret | string | Client credentials if supplied with request |
URI Object
Parameters
Parameter | Type | Description |
redirect_uri | string | URI to redirect to after issuing authorization code. Used to verify subsequent access token request. |
state | string | Optional application defined value used to maintain state between request and callback. |
Token_Data Object
Parameters
Parameter | Type | Description |
grant_type | string | Optional, one of the following options: |
scope | string | Optional space-delimited list of scope identifiers (provider-defined) |
code | string | Optional authorization code previously obtained by calling createAuthorizationCode (required when grant_type is "authorization_code") |
response_type | string | Optional, one of "code" or "token" |
refresh_token | string | Optional refresh token obtained with a previously issued access token (required when grant_type is "refresh_token") |
access_token | string | Optional, identifies the token data |
OAuth Error Object
Parameters
Parameter | Type | Description |
error | integer | OAuth-specific error code. Used when returning errors back to calling application. |
error_descrption | string | Optional human readable error message. |
error_response | null or array | Indicates if error message is to be returned to calling application or handled strictly by Mashery API consumer. |
See OAuth Generated Errors for more on OAuth errors.