http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/authenticating-users-and-application-clients.html ---------------------------------------------------------------------- diff --git a/content/docs/security-and-auth/authenticating-users-and-application-clients.html b/content/docs/security-and-auth/authenticating-users-and-application-clients.html new file mode 100644 index 0000000..7e1348f --- /dev/null +++ b/content/docs/security-and-auth/authenticating-users-and-application-clients.html 
@@ -0,0 +1,528 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Authenticating users & app clients — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Authentication levels" href="user-authentication-types.html"/> + <link rel="prev" title="Using permissions" href="using-permissions.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. 
sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Authenticating users & app clients</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#authentication-levels">Authentication levels</a></li> +<li class="toctree-l2"><a class="reference internal" href="#application-user-authentication-user-login">Application user authentication (user login)</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#using-the-sdks">Using the SDKs</a><ul> +<li class="toctree-l4"><a class="reference internal" href="#request-syntax">Request syntax</a></li> +<li class="toctree-l4"><a class="reference internal" href="#example-request">Example request</a></li> +<li class="toctree-l4"><a class="reference internal" href="#example-response">Example response</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="#application-client-authentication">Application client authentication</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#id1">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id2">Example request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id3">Example response</a></li> +</ul> +</li> +<li class="toctree-l2"><a 
class="reference internal" href="#admin-user-authentication">Admin user authentication</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#id4">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id5">Example Request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id6">Example response</a></li> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="#organization-client-authentication">Organization client authentication</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#id7">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id8">Example request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#id9">Example response</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li 
class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Authenticating users & app clients</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/authenticating-users-and-application-clients.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="authenticating-users-app-clients"> +<h1>Authenticating users & app clients<a class="headerlink" href="#authenticating-users-app-clients" title="Permalink to this headline">¶</a></h1> +<p>To protect your Usergrid application data, one of the steps you’ll take +is to authenticate your app’s users. By ensuring that they are who they +say they are, you can help ensure that your application’s data is +available in secure ways. After you’ve created permission rules that +define access to your application and have associated these rules with +users, you’ll want to add code that authenticates your user, as +described in this topic.</p> +<div class="admonition note"> <p class="first admonition-title"><p>Note</p> + </p> <p class="last"> + + +You manage access to your application's data by creating permission<p>rules that govern which users can do what. Users authenticated as +Application User have access according to these rules. 
For more about +managing permissions, see <a class="reference external" href="using-permissions.html">Using +Permissions</a>.</p> +</p></div><div class="section" id="authentication-levels"> +<h2>Authentication levels<a class="headerlink" href="#authentication-levels" title="Permalink to this headline">¶</a></h2> +<p>Usergrid supports four levels of authentication:</p> +<ul class="simple"> +<li><strong>Application user</strong>: Grant’s user access to an API Services +application, based on the roles and permissions assigned to the user.</li> +<li><strong>Application client</strong>: Grants full access to perform API requests +against an API Services application.</li> +<li><strong>Organization client</strong>: Grants full access to perform API requests +against an API Services organization.</li> +<li><strong>Admin user</strong>: Grants full access to perform API requests against +any API Services organization that the user is an admin of.</li> +</ul> +<p>Because the scope of access provided by the application client, +organization client, and admin user authentication levels is so broad +(and as a result, so powerful), it’s a bad practice to use them from a +mobile app or any client-side code. Instead, they’re better suited to +server-side implementations, such as web applications.</p> +<p>For a more detailed description of available authentication levels, see +<a class="reference external" href="user-authentication-types.html">Authentication levels</a>.</p> +</div> +<div class="section" id="application-user-authentication-user-login"> +<h2>Application user authentication (user login)<a class="headerlink" href="#application-user-authentication-user-login" title="Permalink to this headline">¶</a></h2> +<p>Using the username and password values specified when the user entity +was created, your app can connect to the Usergrid application endpoint +to request an access token. 
It’s also acceptable to use the user’s email +address in place of the username.</p> +<div class="section" id="using-the-sdks"> +<h3>Using the SDKs<a class="headerlink" href="#using-the-sdks" title="Permalink to this headline">¶</a></h3> +<p>When a user is logged in using the Usergrid iOS, JavaScript, node.JS and +Android SDKs, the returned token is automatically stored in the +UsergridDataClient (iOS), DataClient (Android), or Usergrid.Client +(JavaScript/node.JS) class instance, and will be sent to the API with +all subsequent method calls.</p> +<div class="section" id="request-syntax"> +<h4>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h4> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/<orgName>/<appName>/token" -d '{"grant_type":"password", "username":<username>, "password":<password>}' +</pre></div> +</div> +</div> +<div class="section" id="example-request"> +<h4>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h4> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/my-org/my-app/token" -d '{"grant_type":"password", "username":"john.doe", "password":"testpw"}' +</pre></div> +</div> +</div> +<div class="section" id="example-response"> +<h4>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">¶</a></h4> +<p>The results include the access token needed to make subsequent API +requests on behalf of the application user:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> +<span class="s">"access_token"</span><span class="p">:</span> <span class="s">"5wuGd-lcEeCUBwBQVsAACA:F8zeMOlcEeCUBwBQVsAACA:YXU6AAABMq0hdy4"</span><span class="p">,</span> +<span class="s">"expires_in"</span><span class="p">:</span> <span class="mi">3600</span><span class="p">,</span> + <span 
class="s">"user"</span><span class="p">:</span> <span class="p">{</span> + <span class="o">...</span> + <span class="p">}</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +</div> +<div class="section" id="application-client-authentication"> +<h2>Application client authentication<a class="headerlink" href="#application-client-authentication" title="Permalink to this headline">¶</a></h2> +<p>Using your appâs client id and client secret values, your app can +connect to the Usergrid application endpoint to request an access token. +The client ID and secret for your app can be found in ‘Getting Started’ +section of the API Services admin portal, under ‘Server App +Credentials’.</p> +<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p> + </p> <p class="last"> + + +Warning: You should never authenticate this way from a client-side app<p>such as a mobile app. A hacker could analyze your app and extract the +credentials for malicious use even if those credentials are compiled and +in binary format. 
See “safe mobile access” in <a class="reference external" href="authenticating-api-requests.html">Authenticating API +requests</a> for additional +considerations in keeping access to your app and its data secure.</p> +</p></div><div class="section" id="id1"> +<h3>Request syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/<orgName>/<appName>/token" -d '{"grant_type":"client_credentials", "client_id":<application_clientID>, "client_secret":"<application_client_secret>"}' +</pre></div> +</div> +</div> +<div class="section" id="id2"> +<h3>Example request<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/my-org/my-app/token" -d '{"grant_type":"client_credentials", "client_id":"YXB7NAD7EM0MEeJ989xIxPRxEkQ", "client_secret":"YXB7NAUtV9krhhMr8YCw0QbOZH2pxEf"}' +</pre></div> +</div> +</div> +<div class="section" id="id3"> +<h3>Example response<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3> +<p>The results include the access token needed to make subsequent API +requests on behalf of the application:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"access_token"</span><span class="p">:</span> <span class="s">"F8zeMOlcEeCUBwBQVsAACA:YXA6AAABMq0d4Mep_UgbZA0-sOJRe5yWlkq7JrDCkA"</span><span class="p">,</span> + <span class="s">"expires_in"</span><span class="p">:</span> <span class="mi">3600</span><span class="p">,</span> + <span class="s">"application"</span><span class="p">:</span> <span class="p">{</span> + <span class="o">...</span> + <span class="p">}</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +<div class="section" id="admin-user-authentication"> +<h2>Admin user authentication<a class="headerlink" 
href="#admin-user-authentication" title="Permalink to this headline">¶</a></h2> +<p>If you do require admin user access, your app can connect to the +Usergrid management endpoint to request an access token. Your app +supplies the username and password of an admin user in the request.</p> +<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p> + </p> <p class="last"> + + +Warning: Authenticating as an admin user grants full access to one or<p>more organizations and all of the applications contained in those +organizations. Due to this, be cautious when implementing this type of +authentication in client-side code. Instead, consider implementing admin +user access in server-side code only. See “safe mobile access” in +<a class="reference external" href="authenticating-api-requests.html">Authenticating API requests</a> for +additional considerations in keeping access to your app and its data +secure.</p> +</p></div><div class="section" id="id4"> +<h3>Request syntax<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/management/token" -d '{"grant_type":"password", "username":<admin_username>, "password":<admin_password>}' +</pre></div> +</div> +</div> +<div class="section" id="id5"> +<h3>Example Request<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/management/token" -d '{"grant_type":"password", "username":"testadmin", "password":"testadminpw"}' +</pre></div> +</div> +</div> +<div class="section" id="id6"> +<h3>Example response<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3> +<p>The results include the access token needed to make subsequent API +requests on behalf of the admin user:</p> +<div class="highlight-python"><div class="highlight"><pre><span 
class="p">{</span> + <span class="s">"access_token"</span><span class="p">:</span> <span class="s">"f_GUbelXEeCfRgBQVsAACA:YWQ6AAABMqz_xUyYeErOkKjnzN7YQXXlpgmL69fvaA"</span><span class="p">,</span> + <span class="s">"expires_in"</span><span class="p">:</span> <span class="mi">3600</span><span class="p">,</span> + <span class="s">"user"</span><span class="p">:</span> <span class="p">{</span> + <span class="o">...</span> + <span class="p">}</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +<div class="section" id="organization-client-authentication"> +<h2>Organization client authentication<a class="headerlink" href="#organization-client-authentication" title="Permalink to this headline">¶</a></h2> +<p>If you do require organization level access, your app can connect to the +Usergrid management endpoint to request an access token. Access to an +organization requires the client id and client secret credentials. The +client ID and secret for your organization can be found on the ‘Org +Administration’ page of the API Services admin console under +‘Organization API Credentials’.</p> +<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p> + </p> <p class="last"> + + +Warning: You should never authenticate this way from a client-side app<p>such as a mobile app. A hacker could analyze your app and extract the +credentials for malicious use even if those credentials are compiled and +in binary format. 
See “safe mobile access” in [Authenticating API +requests](authenticating-api-requests.html for additional considerations +in keeping access to your app and its data secure.</p> +</p></div><div class="section" id="id7"> +<h3>Request syntax<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/management/token" -d '{"grant_type":"client_credentials", "client_id":<org_clientID>, "client_secret":<org_client_secret>}' +</pre></div> +</div> +</div> +<div class="section" id="id8"> +<h3>Example request<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/management/token" -d '{"grant_type":"client_credentials", "client_id":"YXB7NAD7EM0MEeJ989xIxPRxEkQ", "client_secret":"YXB7NAUtV9krhhMr8YCw0QbOZH2pxEf"}' +</pre></div> +</div> +</div> +<div class="section" id="id9"> +<h3>Example response<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h3> +<p>The results include the access token needed to make subsequent API +requests to the organization:</p> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"access_token"</span><span class="p">:</span> <span class="s">"gAuFEOlXEeCfRgBQVsAACA:b3U6AAABMqz-Cn0wtDxxkxmQLgZvTMubcP20FulCZQ"</span><span class="p">,</span> + <span class="s">"expires_in"</span><span class="p">:</span> <span class="mi">3600</span><span class="p">,</span> + <span class="s">"organization"</span><span class="p">:</span> <span class="p">{</span> + <span class="o">...</span> + <span class="p">}</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="user-authentication-types.html" class="btn 
btn-neutral float-right" title="Authentication levels" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="using-permissions.html" class="btn btn-neutral" title="Using permissions" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file
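Review bot: In the "Organization client authentication" warning, the cross-reference is still unconverted Markdown and is missing its closing parenthesis (`[Authenticating API requests](authenticating-api-requests.html for additional considerations`), so it will render as literal text rather than a link. The other two warnings in this file use `<a class="reference external" href="authenticating-api-requests.html">`, and this one should match. Several other defects in the same file look like they come from the page source rather than the theme, so fix them there and regenerate:

- Every admonition nests a `<p>` inside `<p class="first admonition-title">` and splits its first sentence with a stray `<p>` (for example `from a client-side app<p>such as a mobile app`). The "WARNING" title is also followed by a redundant "Warning:" prefix in the body.
- "Using your appâs client id" in the application client section is mis-encoded, and "Grant’s user access" in the authentication levels list should read "Grants".
- In the application client "Request syntax", the placeholders are quoted inconsistently: `"client_id":<application_clientID>` against `"client_secret":"<application_client_secret>"`. Pick one convention across all four syntax blocks.
- The admin user warning only says to "be cautious" about client-side use, while the authentication levels paragraph calls it a bad practice and the client-credential warnings say "never". Align the wording so the guidance for the broadest credential is not the weakest.
- The application client and organization client example requests reuse the same `client_id` and `client_secret` values. Distinct sample values would make clear that these are different credentials.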
http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/changing-token-time-live-ttl.html ---------------------------------------------------------------------- diff --git a/content/docs/security-and-auth/changing-token-time-live-ttl.html b/content/docs/security-and-auth/changing-token-time-live-ttl.html new file mode 100644 index 0000000..bacf227 --- /dev/null +++ b/content/docs/security-and-auth/changing-token-time-live-ttl.html 
@@ -0,0 +1,389 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Changing token expiration (time-to-live) — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Authenticating API requests" href="authenticating-api-requests.html"/> + <link rel="prev" title="Authentication levels" href="user-authentication-types.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> 
+<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Changing token expiration (time-to-live)</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#default-ttl">Default ttl</a></li> +<li class="toctree-l2"><a class="reference internal" href="#changing-the-default-ttl">Changing the default ttl</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#request-syntax">Request syntax</a></li> +<li class="toctree-l3"><a class="reference internal" href="#example-request">Example Request</a></li> +<li class="toctree-l3"><a class="reference internal" href="#example-response">Example response</a></li> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="#changing-ttl-when-a-token-is-created">Changing ttl when a token is created</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> 
+<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li> +<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference 
internal" href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span 
class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Changing token expiration (time-to-live)</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/changing-token-time-live-ttl.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="changing-token-expiration-time-to-live"> +<h1>Changing token expiration (time-to-live)<a class="headerlink" href="#changing-token-expiration-time-to-live" title="Permalink to this headline">¶</a></h1> +<p>An access token has a âtime-to-liveâ (ttl), which is the 
maximum time +that the access token will be valid for use within the application. With +the Usergrid, you can change the default ttl for all application user +tokens, set the ttl for an individual token at the time of creation, or +revoke one or more tokens. This gives you a high degree of control over +access to your Usergrid account and data store.</p> +<div class="section" id="default-ttl"> +<h2>Default ttl<a class="headerlink" href="#default-ttl" title="Permalink to this headline">¶</a></h2> +<p>By default, all tokens have a system-defined time-to-live of 7 days +(604800 seconds). Note that Token ttl is specified in milliseconds, but +when a token is created, the API response will return the ttl in +seconds.</p> +</div> +<div class="section" id="changing-the-default-ttl"> +<h2>Changing the default ttl<a class="headerlink" href="#changing-the-default-ttl" title="Permalink to this headline">¶</a></h2> +<p>You can change the default ttl for all application user tokens (that is, +tokens associated with a user entity) by updating the application +entityâs accesstokenttl property. Changing the default ttl will only +affect new tokens. Any existing tokens will not be affected.</p> +<p>Please note that this does not apply to application client, organization +client or admin user tokens. For more on obtaining tokens for these +other authorization levels, see <a class="reference external" href="authenticating-users-and-application-clients.html">Authenticating users and application +clients</a>.</p> +<p><strong>Note</strong>: If you set ttl=0, the token will never expire. 
This can pose a +security risk and should be used with caution.</p> +<div class="section" id="request-syntax"> +<h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/<org_name>/<app_name> -d '{"accesstokenttl":<ttl_in_milliseconds>}' +</pre></div> +</div> +</div> +<div class="section" id="example-request"> +<h3>Example Request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre>curl -X PUT https://api.usergrid.com/your-org/your-app -d '{"accesstokenttl":"1800000"}' +</pre></div> +</div> +</div> +<div class="section" id="example-response"> +<h3>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">¶</a></h3> +<div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> + <span class="s">"action"</span> <span class="p">:</span> <span class="s">"put"</span><span class="p">,</span> + <span class="s">"application"</span> <span class="p">:</span> <span class="s">"d878de4r-99a7-11e3-b31d-5373d7165c2d"</span><span class="p">,</span> + <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> + <span class="s">"access_token"</span> <span class="p">:</span> <span class="p">[</span> <span class="s">"DFR4d5M1mJmoEeOGVPncm-g9qgAAAURv_lfQ7uu6aYHjJJn7QCrGoVnvU-ob5Ko"</span> <span class="p">]</span> + <span class="p">},</span> + <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/amuramoto/secured"</span><span class="p">,</span> + <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> + <span class="s">"uuid"</span> <span class="p">:</span> <span class="s">"d878de4r-99a7-11e3-b31d-5373d7165c2d"</span><span class="p">,</span> + <span 
class="s">"type"</span> <span class="p">:</span> <span class="s">"application"</span><span class="p">,</span> + <span class="s">"name"</span> <span class="p">:</span> <span class="s">"your-org/your-app"</span><span class="p">,</span> + <span class="s">"created"</span> <span class="p">:</span> <span class="mi">1392843003032</span><span class="p">,</span> + <span class="s">"modified"</span> <span class="p">:</span> <span class="mi">1392843615777</span><span class="p">,</span> + <span class="s">"accesstokenttl"</span> <span class="p">:</span> <span class="mi">1800000</span><span class="p">,</span> + <span class="s">"organizationName"</span> <span class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> + <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span><span class="p">,</span> + <span class="s">"apigeeMobileConfig"</span> <span class="p">:</span> <span class="s">"{...}"</span><span class="p">,</span> + <span class="s">"metadata"</span> <span class="p">:</span> <span class="p">{</span> + <span class="s">"collections"</span> <span class="p">:</span> <span class="p">[</span> <span class="s">"activities"</span><span class="p">,</span> <span class="s">"assets"</span><span class="p">,</span> <span class="s">"devices"</span><span class="p">,</span> <span class="s">"events"</span><span class="p">,</span> <span class="s">"folders"</span><span class="p">,</span> <span class="s">"groups"</span><span class="p">,</span> <span class="s">"roles"</span><span class="p">,</span> <span class="s">"users"</span> <span class="p">]</span> + <span class="p">}</span> + <span class="p">}</span> <span class="p">],</span> + <span class="s">"timestamp"</span> <span class="p">:</span> <span class="mi">1392843615767</span><span class="p">,</span> + <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">28</span><span class="p">,</span> + <span class="s">"organization"</span> <span class="p">:</span> <span 
class="s">"your-org"</span><span class="p">,</span> + <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> +<span class="p">}</span> +</pre></div> +</div> +</div> +</div> +<div class="section" id="changing-ttl-when-a-token-is-created"> +<h2>Changing ttl when a token is created<a class="headerlink" href="#changing-ttl-when-a-token-is-created" title="Permalink to this headline">¶</a></h2> +<p>When you request an access token, you can override its ttl by including +a ttl property in the body of the request when the token is created. +This applies to tokens for all authentication levels, including +application user, admin user, organization client, and application +client authentication levels.</p> +<p>The ttl must be equal to or less than the value of the application +entity’s accesstokenttl property. If you specify a ttl value greater +than the value of accesstokenttl, an error message is returned that +indicates the maximum time to live value that can be specified.</p> +<p>For example, the following would create an application user token with a +ttl of 180000000 milliseconds:</p> +<div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/your-org/your-app/token -d '{"username":"someUser", "password":"somePassword", "grant_type":"password", "ttl":"180000000"}' +</pre></div> +</div> +<p><strong>Note</strong>: If you set ttl=0, the token will never expire. 
This can pose a +security risk and should be used with caution.</p> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="authenticating-api-requests.html" class="btn btn-neutral float-right" title="Authenticating API requests" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="user-authentication-types.html" class="btn btn-neutral" title="Authentication levels" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-usergrid/blob/4a92ab09/content/docs/security-and-auth/facebook-sign.html ---------------------------------------------------------------------- diff --git a/content/docs/security-and-auth/facebook-sign.html b/content/docs/security-and-auth/facebook-sign.html new file mode 100644 index 0000000..69ca5a2 --- /dev/null 
+++ b/content/docs/security-and-auth/facebook-sign.html 
@@ -0,0 +1,506 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Facebook sign in — Apache Usergrid 1.0 documentation</title> + + + + + + + + + + + + + + + + <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> + + + + + + <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/> + <link rel="next" title="Security best practices" href="securing-your-app.html"/> + <link rel="prev" title="Revoking tokens (logout)" href="revoking-tokens-logout.html"/> + + + <script src="../_static/js/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + + + <a href="../index.html" class="icon icon-home"> Apache Usergrid + + + + </a> + + + + + <div class="version"> + 1.0 + </div> + + + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + + + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <p class="caption"><span class="caption-text">Introduction</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li> +<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. 
sync calls</a></li> +</ul> +<p class="caption"><span class="caption-text">Getting Started</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-a-new-application.html">Creating a new application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/creating-account.html">Creating an Usergrid Account</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-a-sandbox-app.html">Using a Sandbox Application</a></li> +<li class="toctree-l1"><a class="reference internal" href="../getting-started/using-the-api.html">Using the API</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Storage</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Data Queries</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li> +<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li> +</ul> +<p class="caption"><span class="caption-text">Entity Connections</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" 
href="../entity-connections/connecting-entities.html">Connecting entities</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Security & Authentication</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li> +<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li> +<li class="toctree-l1"><a class="reference internal" href="user-authentication-types.html">Authentication levels</a></li> +<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li> +<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li> +<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li> +<li class="toctree-l1 current"><a class="current reference internal" href="">Facebook sign in</a><ul> +<li class="toctree-l2"><a class="reference internal" href="#facebook-login-example">Facebook login example</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#step-1-create-a-facebook-app">Step 1: Create a Facebook app</a></li> +<li class="toctree-l3"><a class="reference internal" href="#step-2-invoke-the-facebook-oauth-dialog">Step 2: Invoke the Facebook OAuth dialog</a></li> +<li class="toctree-l3"><a class="reference internal" href="#step-3-add-the-javascript-sdk-for-facebook">Step 
3: Add the JavaScript SDK for Facebook</a></li> +<li class="toctree-l3"><a class="reference internal" href="#step-4-setup-fb-login">Step 4. Setup FB.login</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li> +</ul> +<p class="caption"><span class="caption-text">User Management & Social Graph</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li> +<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li> +</ul> +<p class="caption"><span class="caption-text">Geo-location</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li> +</ul> +<p class="caption"><span class="caption-text">Assets & Files</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/uploading-assets.html">Uploading assets</a></li> +<li class="toctree-l1"><a class="reference internal" href="../asset-and-files/retrieving-assets.html">Retrieving assets</a></li> +<li class="toctree-l1"><a class="reference internal" 
href="../asset-and-files/folders.html">Folders</a></li> +</ul> +<p class="caption"><span class="caption-text">Counters & Events</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li> +<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li> +</ul> +<p class="caption"><span class="caption-text">Organizations & Applications</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li> +<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li> +</ul> +<p class="caption"><span class="caption-text">API Reference</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li> +<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li> +</ul> +<p class="caption"><span class="caption-text">Client SDKs</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li> +</ul> +<p class="caption"><span 
class="caption-text">Installing the Stack</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-deploy-to-tomcat.html">Usegrid 1: Deploying to Tomcat</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug1-launcher-quick-start.html">Usegrid 1: Launcher Quick-start</a></li> +<li class="toctree-l1"><a class="reference internal" href="../installation/ug2-deploy-to-tomcat.html">Usergrid 2: Deploy to Tomcat</a></li> +</ul> +<p class="caption"><span class="caption-text">More about Usergrid</span></p> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li> +<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Apache Usergrid</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li>Facebook sign in</li> + <li class="wy-breadcrumbs-aside"> + + + <a href="../_sources/security-and-auth/facebook-sign.txt" rel="nofollow"> View page source</a> + + + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <div class="section" id="facebook-sign-in"> +<h1>Facebook sign in<a class="headerlink" href="#facebook-sign-in" title="Permalink to this headline">¶</a></h1> +<p>You can authenticate your Usergrid requests by logging into Facebook. 
To +access Usergrid resources, you need to provide an access token with each +request (unless you use the sandbox app). You can get an access token by +connecting to an appropriate web service endpoint and providing the +correct client credentials â this is further described in Authenticating +users and application clients. However, you can also obtain an access +token by logging into Facebook.</p> +<p>To enable authentication to Usergrid through Facebook, do the following +in your app:</p> +<ol class="arabic simple"> +<li>Make a login call to the Facebook API (do this using the Facebook SDK +or API). If the login succeeds, a Facebook access token is returned.</li> +<li>Send the Facebook access token to Usergrid. If the Facebook access +token is valid and the user does not already exist in Usergrid, +Usergrid provisions a new Usergrid user. It also returns an Usergrid +access token, which you can use for subsequent Usergrid API calls. +Behind the scenes, Usergrid uses the Facebook access token to +retrieve the user’s profile information from Facebook.</li> +<li>If the Facebook access token is invalid, Facebook returns an OAuth +authentication error, and the login does not succeed.</li> +</ol> +<p>The request to authenticate to Usergrid using a Facebook access token +is:</p> +<div class="highlight-python"><div class="highlight"><pre>GET https://api.usergrid.com/{my_org}/{my_app}/auth/facebook?fb_access_token={fb_access_token} +</pre></div> +</div> +<p>where:</p> +<ul class="simple"> +<li><code class="docutils literal"><span class="pre">{my_org}</span></code> is the organization UUID or organization name.</li> +<li><code class="docutils literal"><span class="pre">{my_app}</span></code> is the application UUID or application name.</li> +<li><code class="docutils literal"><span class="pre">{fb_access_token}</span></code> is the Facebook access token.</li> +</ul> +<div class="section" id="facebook-login-example"> +<h2>Facebook login example<a class="headerlink" 
href="#facebook-login-example" title="Permalink to this headline">¶</a></h2> +<p>The Facebook technical guides for login present detailed information on +how to add Facebook login to your app. Instructions are provided for +JavaScript, iOS, and Android.</p> +<p>In brief, here are the steps for JavaScript. You can see these steps +implemented in the Facebook login example packaged with the JavaScript +SDK for Usergrid (which you can download in ZIP format or tar.gz +format). The Facebook login example is in the /examples/facebook +directory of the extracted download. The code example snippets shown +below are taken from the Facebook login example.</p> +<div class="section" id="step-1-create-a-facebook-app"> +<h3>Step 1: Create a Facebook app<a class="headerlink" href="#step-1-create-a-facebook-app" title="Permalink to this headline">¶</a></h3> +<p>Create a new app on the Facebook App Dashboard. Enter your app’s basic +information. Once created, note the app ID shown at the top of the +dashboard page.</p> +</div> +<div class="section" id="step-2-invoke-the-facebook-oauth-dialog"> +<h3>Step 2: Invoke the Facebook OAuth dialog<a class="headerlink" href="#step-2-invoke-the-facebook-oauth-dialog" title="Permalink to this headline">¶</a></h3> +<p>Invoke the Facebook OAuth Dialog. To do that, redirect the user’s +browser to a URL by inserting the following Javascript code after the +opening</p> +<body><p>tag in your appâs HTML file:</p> +<div class="highlight-python"><div class="highlight"><pre>https://www.facebook.com/dialog/oauth/? + client_id={YOUR_APP_ID} + &redirect_uri={YOUR_REDIRECT_URL} + &state={YOUR_STATE_VALUE} + &scope={COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES} + &response_type={YOUR_RESPONSE_TYPE} +</pre></div> +</div> +<p>where:</p> +<p><code class="docutils literal"><span class="pre">{YOUR_APP_ID}</span></code> is the app ID. <code class="docutils literal"><span class="pre">{YOUR_REDIRECT_URL}</span></code> is the +application UUID or application name. 
<code class="docutils literal"><span class="pre">{YOUR_STATE_VALUE}</span></code> is a unique +string used to maintain application state between the request and +callback. <code class="docutils literal"><span class="pre">{COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES}</span></code> is a comma +separated list of permission names which you would like the user to +grant your application. <code class="docutils literal"><span class="pre">{YOUR_RESPONSE_TYPE}</span></code>is the requested +response type, either code or token. Defaults to code. Set the response +type to token. With the response type set to token, the Dialog’s +response will include an OAuth user access token in the fragment of the +URL the user is redirected to, as per the client-side authentication +flow.</p> +<p>Here is how itâs done in the Facebook login example:</p> +<div class="highlight-python"><div class="highlight"><pre>var apiKey = $("#api-key").val(); +var location = window.location.protocol + '//' + window.location.host; +var path = window.location.pathname; + +var link = "https://www.facebook.com/dialog/oauth?client_id="; +link += apiKey; +link += "&redirect_uri="; +link += location+path +link += "&scope&COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES&response_type=token"; + +//now forward the user to facebook +window.location = link; +</pre></div> +</div> +<p>Notice that the response type is set to token. As a result, a Facebook +access token will be appended to the URL to which the user is +redirected.</p> +</div> +<div class="section" id="step-3-add-the-javascript-sdk-for-facebook"> +<h3>Step 3: Add the JavaScript SDK for Facebook<a class="headerlink" href="#step-3-add-the-javascript-sdk-for-facebook" title="Permalink to this headline">¶</a></h3> +<p>Add the following Javascript SDK initialization code after the code that +invokes the Facebook OAuth Dialog. The code will load and initialize the +JavaScript SDK in your HTML page. 
Replace <code class="docutils literal"><span class="pre">YOUR_APP_ID</span></code> with the App +ID noted in Step 1, and WWW.YOUR_DOMAIN.COM with your own domain.</p> +<div class="highlight-python"><div class="highlight"><pre>window.fbAsyncInit = function() { + FB.init({ + appId : 'YOUR_APP_ID', // App ID + channelUrl : '//WWW.YOUR_DOMAIN.COM/channel.html', // Channel File + status : true, // check login status + cookie : true, // enable cookies to allow the server to access the session + xfbml : true // parse XFBML + }); +</pre></div> +</div> +<p>Here is how the window.fbAsynchInit() function is implemented in the +Facebook login example:</p> +<div class="highlight-python"><div class="highlight"><pre>//load up the facebook api sdk + window.fbAsyncInit = function() { + FB.init({ + appId : '308790195893570', // App ID + channelUrl : '//usergridsdk.dev//examples/channel.html', // Channel File + status : true, // check login status + cookie : true, // enable cookies to allow the server to access the session + xfbml : true // parse XFBML + }); + }; +</pre></div> +</div> +</div> +<div class="section" id="step-4-setup-fb-login"> +<h3>Step 4. Setup FB.login<a class="headerlink" href="#step-4-setup-fb-login" title="Permalink to this headline">¶</a></h3> +<p>Whenever a user is either not logged into Facebook or not authorized for +an app, it is useful to prompt them with the relevant dialog. 
The +<code class="docutils literal"><span class="pre">FB.login()</span></code> Javascript SDK function automatically displays the +correct one to the user.</p> +<p>To integrate <code class="docutils literal"><span class="pre">FB.login()</span></code> function in your existing code:</p> +<div class="highlight-python"><div class="highlight"><pre>function login() { + FB.login(function(response) { + if (response.authResponse) { + // connected + } else { + // cancelled + } + }); +} +</pre></div> +</div> +<p>Here is how <code class="docutils literal"><span class="pre">FB.login()</span></code> is implemented in the Facebook login example:</p> +<div class="highlight-python"><div class="highlight"><pre>function login(facebookAccessToken) { + client.loginFacebook(facebookAccessToken, function(err, response){ + var output = JSON.stringify(response, null, 2); + if (err) { + var html = '<pre>Oops! There was an error logging you in. \r\n\r\n'; + html += 'Error: \r\n' + output+'</pre>'; + } else { + var html = '<pre>Hurray! You have been logged in. \r\n\r\n'; + html += 'Facebook Token: ' + '\r\n' + facebookAccessToken + '\r\n\r\n'; + html += 'Facebook Profile data stored in Usergrid: \r\n' + output+'</pre>'; + } + $('#facebook-status').html(html); + }) + } +</pre></div> +</div> +<p>The <code class="docutils literal"><span class="pre">client.loginFacebook()</span></code> function is provided by the Usergrid +JavaScript SDK. It uses the Facebook auth token to obtain an Usergrid +auth token. If the Facebook access token is valid and the user does not +already exist in Usergrid, the function creates a user entity for the +user. 
It also uses the Facebook access token to retrieve the user’s +profile information from Facebook.</p> +<p>Here is what the <code class="docutils literal"><span class="pre">client.loginFacebook()</span></code> function looks like:</p> +<div class="highlight-python"><div class="highlight"><pre>Usergrid.Client.prototype.loginFacebook = function (facebookToken, callback) { + var self = this; + var options = { + method:'GET', + endpoint:'auth/facebook', + qs:{ + fb_access_token: facebookToken + } + }; + this.request(options, function(err, data) { + var user = {}; + if (err && self.logging) { + console.log('error trying to log user in'); + } else { + user = new Usergrid.Entity('users', data.user); + self.setToken(data.access_token); + } + if (typeof(callback) === 'function') { + callback(err, data, user); + } + }); +} +</pre></div> +</div> +<p>Notice that the function also returns an Usergrid access token, which +you can use for subsequent Usergrid API calls.</p> +<p>Remember to create a client for your app, which is the main entry point +to the JavaScript SDK for Usergrid. You need to do this before you can +use the SDK. 
Hereâs the code to create a client:</p> +<div class="highlight-python"><div class="highlight"><pre>var client = new Usergrid.Client({ + orgName:'yourorgname', + appName:'yourappname', + logging: true, //optional - turn on logging, off by default + buildCurl: true //optional - turn on curl commands, off by default +}); +</pre></div> +</div> +</div> +</div> +</div> + + + </div> + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="securing-your-app.html" class="btn btn-neutral float-right" title="Security best practices" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="revoking-tokens-logout.html" class="btn btn-neutral" title="Revoking tokens (logout)" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2013-2015, Apache Usergrid. + + </p> + </div> + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'1.0', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html> \ No newline at end of file
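Review bot: In Step 2, the sample that builds the OAuth dialog URL sends no `state` value even though the parameter list just above documents it, appends `location+path` as `redirect_uri` without `encodeURIComponent`, and leaves the scope as the literal `&scope&COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES`, so the snippet contradicts the template it illustrates. Suggest generating an unpredictable `state`, comparing it when the user is redirected back, encoding the redirect URI, and writing `&scope=` with real permission names or dropping the parameter. In the same step, `{YOUR_REDIRECT_URL}` is described as "the application UUID or application name", which looks copied from the `{my_app}` bullet, and the bare `<body>` in "after the opening <body> tag" is emitted as a real element instead of `&lt;body&gt;`, which breaks the page markup.

Further down the same file: in `loginFacebook`, `if (err && self.logging)` means that with logging off an error falls through to the else branch and reads `data.user` and `data.access_token` from a failed response; test `err` on its own and nest the logging check inside it. The sample `login()` writes `JSON.stringify(response)` and the Facebook token into the page with `$('#facebook-status').html(html)`; the profile fields come from the user, so `.text()` or explicit escaping is the safer pattern to document, and the token should not be echoed. The first `FB.init` snippet in Step 3 never closes `window.fbAsyncInit = function() {`, the prose spells it `fbAsynchInit`, and Step 4 introduces its second snippet as how `FB.login()` is implemented although the code shown calls `client.loginFacebook()`.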
