Difference between revisions of "OAuth"
Jump to navigation
Jump to search
(Marked this version for translation) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | <languages/> | ||
| + | <translate> | ||
| + | <!--T:1--> | ||
[https://tools.ietf.org/html/rfc6749 OAuth] is an open standard which allows other applications on the internet to access your Neos Account details without you sharing your Neos Password with them. OAuth provides a '''consent based''' process that ensures that you as a user agree to grant an application access before any data is exchanged. OAuth is commonly seen across the internet and many applications support it. | [https://tools.ietf.org/html/rfc6749 OAuth] is an open standard which allows other applications on the internet to access your Neos Account details without you sharing your Neos Password with them. OAuth provides a '''consent based''' process that ensures that you as a user agree to grant an application access before any data is exchanged. OAuth is commonly seen across the internet and many applications support it. | ||
| + | <!--T:2--> | ||
Are you familar with OAuth? Jump to [[#Quick Steps| Quick Steps]] to get your urls. | Are you familar with OAuth? Jump to [[#Quick Steps| Quick Steps]] to get your urls. | ||
| − | = OAuth Status = | + | = OAuth Status = <!--T:3--> |
| + | <!--T:4--> | ||
Neos' OAuth is in the '''very early stages''', using it requires application registration which is currently only possible with manual approval. You also '''cannot do much with OAuth right now''' but this will be expanded in the future. | Neos' OAuth is in the '''very early stages''', using it requires application registration which is currently only possible with manual approval. You also '''cannot do much with OAuth right now''' but this will be expanded in the future. | ||
| − | = Common Questions = | + | = Common Questions = <!--T:5--> |
| + | <!--T:6--> | ||
OAuth is a complex feature and due to this it can lead to some common questions about how it works. | OAuth is a complex feature and due to this it can lead to some common questions about how it works. | ||
| − | == Can OAuth let other people access my data? == | + | == Can OAuth let other people access my data? == <!--T:7--> |
OAuth cannot access your Neos account without your consent. | OAuth cannot access your Neos account without your consent. | ||
| − | == Can I use OAuth inside Neos? == | + | == Can I use OAuth inside Neos? == <!--T:8--> |
There are currently no Neos Components, LogiX nodes or other in-Neos elements that support OAuth. OAuth cannot also be manually handled used with LogiX, due to the requirements of a redirection URL. This may change in the future. | There are currently no Neos Components, LogiX nodes or other in-Neos elements that support OAuth. OAuth cannot also be manually handled used with LogiX, due to the requirements of a redirection URL. This may change in the future. | ||
| − | == Can I use OAuth to Login/Access Google/Facebook/Dropbox etc? == | + | == Can I use OAuth to Login/Access Google/Facebook/Dropbox etc? == <!--T:9--> |
No, OAuth on this page and the Neos feature is designed to let other services connect to your account and not the other way around. | No, OAuth on this page and the Neos feature is designed to let other services connect to your account and not the other way around. | ||
| − | = Example Scenarios = | + | = Example Scenarios = <!--T:10--> |
| + | <!--T:11--> | ||
Here are some examples of things that might be possible with Neos and OAuth in the future. '''None of these applications exist, these are just examples of what you might be able to do'''. | Here are some examples of things that might be possible with Neos and OAuth in the future. '''None of these applications exist, these are just examples of what you might be able to do'''. | ||
| + | <!--T:12--> | ||
* Event Registration - As a part of an event registration system, you could be asked to link your Neos Account with an Event Registration System. This would securely identify you and prove that you were a particular Neos User which could allow you access to paid events, sessions and workshops etc. | * Event Registration - As a part of an event registration system, you could be asked to link your Neos Account with an Event Registration System. This would securely identify you and prove that you were a particular Neos User which could allow you access to paid events, sessions and workshops etc. | ||
* Utilities / Applications - Manage your friends, messages etc outside of Neos using a 3rd party application. | * Utilities / Applications - Manage your friends, messages etc outside of Neos using a 3rd party application. | ||
* Management - Edit your Neos profile & inventory from outside of Neos. | * Management - Edit your Neos profile & inventory from outside of Neos. | ||
| − | = OAuth Requirements = | + | = OAuth Requirements = <!--T:13--> |
In order to use OAuth you will need: | In order to use OAuth you will need: | ||
* A registered application/client with Neos | * A registered application/client with Neos | ||
| Line 35: | Line 43: | ||
* A webserver - OAuth requires a web application / server to process the OAuth authorization process. | * A webserver - OAuth requires a web application / server to process the OAuth authorization process. | ||
| − | == Registering an Application == | + | == Registering an Application == <!--T:14--> |
| − | To register an application you will need to email | + | <s>To register an application you will need to email hello@neos.com. In your email please include: |
* Your Name. | * Your Name. | ||
* Your Reason for requesting access. | * Your Reason for requesting access. | ||
* Your Application's Name. | * Your Application's Name. | ||
| − | * An OAuth Callback/Redirect URL. - This is the URL Neos will use to redirect users back to your application as a part of the OAuth process. It usually needs to run on a web server. | + | * An OAuth Callback/Redirect URL. - This is the URL Neos will use to redirect users back to your application as a part of the OAuth process. It usually needs to run on a web server.</s> |
| − | = OAuth Flow = | + | <!--T:15--> |
| + | We're temporarily not accepting new registrations here. Please stay tuned for future updates. | ||
| + | |||
| + | = OAuth Flow = <!--T:16--> | ||
Once you have all of the above requirements, you can get started! | Once you have all of the above requirements, you can get started! | ||
| + | <!--T:17--> | ||
Neos uses the Authorization Code OAuth Flow. This is quite complex and it is recommended that you follow a guide for your language or environment of choice a Generic Guide can be found [https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/ Generic Guide]. | Neos uses the Authorization Code OAuth Flow. This is quite complex and it is recommended that you follow a guide for your language or environment of choice a Generic Guide can be found [https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/ Generic Guide]. | ||
| − | Here's a basic | + | Here's a basic explanation which might be helpful before you dig in: |
# A user authenticates with your Application. E.g. CoolApp.com. | # A user authenticates with your Application. E.g. CoolApp.com. | ||
# Once Authenticated a link or button is presented to the user asking them to Login / Link their Neos account. | # Once Authenticated a link or button is presented to the user asking them to Login / Link their Neos account. | ||
| − | # This link should redirect using standard Authorization Code Flow parameters to: https:// | + | # This link should redirect using standard Authorization Code Flow parameters to: https://auth.neos.com/connect/authorize |
# Neos will then ask the User to Login using their Neos account. | # Neos will then ask the User to Login using their Neos account. | ||
# Once they are logged in a message will be shown asking them to grant your application access to their Neos account. | # Once they are logged in a message will be shown asking them to grant your application access to their Neos account. | ||
| − | # If they agree they will be redirected back to your registered | + | # If they agree they will be redirected back to your registered application's redirect url. |
# The redirect URL will contain an authorization code which you can exchange for an access token on your server. The token url is: https://cloudx-account.azurewebsites.net/. | # The redirect URL will contain an authorization code which you can exchange for an access token on your server. The token url is: https://cloudx-account.azurewebsites.net/. | ||
| − | == Using An Access Token == | + | == Using An Access Token == <!--T:18--> |
| − | Currently once a token is obtained you can use it to call | + | Currently once a token is obtained you can use it to call a limited amount of endpoints. These endpoints may increase in the future. |
| − | |||
| − | = Quick Steps = | + | === Profile Endpoint === <!--T:19--> |
| + | Calling: <code>https://auth.neos.com/api/user/profiles</code>, with your token in the header: <code>Authorization: Bearer [token]</code> will provide a standard Neos User Profile in JSON Format. | ||
| + | |||
| + | <!--T:20--> | ||
| + | To receive it you will need to ensure you request the <code>profile</code> scope. | ||
| + | |||
| + | <!--T:21--> | ||
| + | Additionally, with some additional scopes you can access some additional information. See [[#Scopes|Scopes]]. | ||
| + | |||
| + | = Quick Steps = <!--T:22--> | ||
Have you done this before? This section is for you! | Have you done this before? This section is for you! | ||
| + | <!--T:23--> | ||
* Neos Uses the Authorization Code / Grant Flow | * Neos Uses the Authorization Code / Grant Flow | ||
* You must [[#Registering an Application| Register an Application]]. | * You must [[#Registering an Application| Register an Application]]. | ||
* You need a Client ID and Client Secret. | * You need a Client ID and Client Secret. | ||
| − | == Endpoints == | + | == Endpoints == <!--T:24--> |
| − | * Authorization: <code>https:// | + | * Authorization: <code>https://auth.neos.com/connect/authorize</code> |
| − | * Token: <code>https:// | + | * Token: <code>https://auth.neos.com/connect/token</code> |
* Headers: <code>Authorization: Bearer [token]</code> | * Headers: <code>Authorization: Bearer [token]</code> | ||
| − | == Scopes == | + | == Scopes == <!--T:25--> |
| − | + | {| class="wikitable" | |
| + | |- | ||
| + | ! Scope Name | ||
| + | ! Description | ||
| + | |- | ||
| + | | profile | ||
| + | | Enables you to obtain profile information such as a User's username, profile image etc. | ||
| + | |- | ||
| + | | email | ||
| + | | Enables you to see the User's email in the [[#Profile_Endpoint|profile response]]. | ||
| + | |- | ||
| + | | patreon | ||
| + | | Provides the user's Patreon information in the [[#Profile_Endpoint|profile response]]. | ||
| + | |} | ||
| − | = External Resources = | + | = External Resources = <!--T:26--> |
* [https://tools.ietf.org/html/rfc6749 OAuth's Specification] - 76 Pages of Technical information. | * [https://tools.ietf.org/html/rfc6749 OAuth's Specification] - 76 Pages of Technical information. | ||
* [https://www.oauth.com/ OAuth Simplified] - A Simplified explanation of many of the parts of OAuth. Do note that some pages may link to a paid service but that this service is not required to use OAuth. | * [https://www.oauth.com/ OAuth Simplified] - A Simplified explanation of many of the parts of OAuth. Do note that some pages may link to a paid service but that this service is not required to use OAuth. | ||
* [https://en.wikipedia.org/wiki/OAuth Wikipedia] - Wikipedia's page on OAuth. | * [https://en.wikipedia.org/wiki/OAuth Wikipedia] - Wikipedia's page on OAuth. | ||
* [https://github.com/ProbablePrime/neos-oauth-example Example OAuth Application by ProbablePrime] | * [https://github.com/ProbablePrime/neos-oauth-example Example OAuth Application by ProbablePrime] | ||
| − | + | </translate> | |
{{stub}} | {{stub}} | ||
Latest revision as of 07:43, 2 June 2022
OAuth is an open standard which allows other applications on the internet to access your Neos Account details without you sharing your Neos Password with them. OAuth provides a consent based process that ensures that you as a user agree to grant an application access before any data is exchanged. OAuth is commonly seen across the internet and many applications support it.
Are you familar with OAuth? Jump to Quick Steps to get your urls.
OAuth Status
Neos' OAuth is in the very early stages, using it requires application registration which is currently only possible with manual approval. You also cannot do much with OAuth right now but this will be expanded in the future.
Common Questions
OAuth is a complex feature and due to this it can lead to some common questions about how it works.
Can OAuth let other people access my data?
OAuth cannot access your Neos account without your consent.
Can I use OAuth inside Neos?
There are currently no Neos Components, LogiX nodes or other in-Neos elements that support OAuth. OAuth cannot also be manually handled used with LogiX, due to the requirements of a redirection URL. This may change in the future.
Can I use OAuth to Login/Access Google/Facebook/Dropbox etc?
No, OAuth on this page and the Neos feature is designed to let other services connect to your account and not the other way around.
Example Scenarios
Here are some examples of things that might be possible with Neos and OAuth in the future. None of these applications exist, these are just examples of what you might be able to do.
- Event Registration - As a part of an event registration system, you could be asked to link your Neos Account with an Event Registration System. This would securely identify you and prove that you were a particular Neos User which could allow you access to paid events, sessions and workshops etc.
- Utilities / Applications - Manage your friends, messages etc outside of Neos using a 3rd party application.
- Management - Edit your Neos profile & inventory from outside of Neos.
OAuth Requirements
In order to use OAuth you will need:
- A registered application/client with Neos
- The registered application's OAuth Client ID and Client Secret.
- A list of scopes that you want to use.
- A webserver - OAuth requires a web application / server to process the OAuth authorization process.
Registering an Application
To register an application you will need to email hello@neos.com. In your email please include:
- Your Name.
- Your Reason for requesting access.
- Your Application's Name.
An OAuth Callback/Redirect URL. - This is the URL Neos will use to redirect users back to your application as a part of the OAuth process. It usually needs to run on a web server.
We're temporarily not accepting new registrations here. Please stay tuned for future updates.
OAuth Flow
Once you have all of the above requirements, you can get started!
Neos uses the Authorization Code OAuth Flow. This is quite complex and it is recommended that you follow a guide for your language or environment of choice a Generic Guide can be found Generic Guide. Here's a basic explanation which might be helpful before you dig in:
- A user authenticates with your Application. E.g. CoolApp.com.
- Once Authenticated a link or button is presented to the user asking them to Login / Link their Neos account.
- This link should redirect using standard Authorization Code Flow parameters to: https://auth.neos.com/connect/authorize
- Neos will then ask the User to Login using their Neos account.
- Once they are logged in a message will be shown asking them to grant your application access to their Neos account.
- If they agree they will be redirected back to your registered application's redirect url.
- The redirect URL will contain an authorization code which you can exchange for an access token on your server. The token url is: https://cloudx-account.azurewebsites.net/.
Using An Access Token
Currently once a token is obtained you can use it to call a limited amount of endpoints. These endpoints may increase in the future.
Profile Endpoint
Calling: https://auth.neos.com/api/user/profiles, with your token in the header: Authorization: Bearer [token] will provide a standard Neos User Profile in JSON Format.
To receive it you will need to ensure you request the profile scope.
Additionally, with some additional scopes you can access some additional information. See Scopes.
Quick Steps
Have you done this before? This section is for you!
- Neos Uses the Authorization Code / Grant Flow
- You must Register an Application.
- You need a Client ID and Client Secret.
Endpoints
- Authorization:
https://auth.neos.com/connect/authorize - Token:
https://auth.neos.com/connect/token - Headers:
Authorization: Bearer [token]
Scopes
| Scope Name | Description |
|---|---|
| profile | Enables you to obtain profile information such as a User's username, profile image etc. |
| Enables you to see the User's email in the profile response. | |
| patreon | Provides the user's Patreon information in the profile response. |
External Resources
- OAuth's Specification - 76 Pages of Technical information.
- OAuth Simplified - A Simplified explanation of many of the parts of OAuth. Do note that some pages may link to a paid service but that this service is not required to use OAuth.
- Wikipedia - Wikipedia's page on OAuth.
- Example OAuth Application by ProbablePrime
This article or section is a Stub. You can help the Neos Wiki by expanding it.