CloudServices/Sagrada/TokenServer: Difference between revisions

CloudServices/Sagrada/TokenServer (view source)

Revision as of 18:47, 12 January 2012

85 bytes removed , 12 January 2012

→‎POST /1.0//request_token

Tarek.ziade

Confirmed users

927

edits

@@ Line 286: / Line 286: @@
 '''Unless stated otherwise, all APIs are using application/json for the requests and responses content types.'''
-== POST /1.0/<app_name>/request_token ==
+== GET /1.0/<app_name>/token ==
+Asks for new token given some credentials in the Authorization header.
-Asks for new token given some credentials. By default, the authentication protocol is Browser ID
+By default, the authentication scheme is Browser ID but other schemes can potentially be used if supported by the login server. '''app_name''' is the name of the application to access, like '''sync'''.
-but the '''X-Authentication-Protocol''' can be used to explicitly pick a protocol. If the server does not
-support the authentication protocol provided, a 400 is returned.
-'''app_name''' is the name of the application to access, like '''sync'''.
-When the authentication protocol requires something else than an Authorization header, the data is provided in
-the request body.
 Example for Browser-Id:
 <pre>
-POST /1.0/sync/request_token
+GET /1.0/sync/token
 Host: token.services.mozilla.com
 Content-Type: application/json
+Authorization: Browser-ID <assertion>
-{'assertion': XXX}
 </pre>
@@ Line 335: / Line 328: @@
 * 404 : unknown URL (0), or unsupported application (1).
 * 400 : malformed request - missing option or bad values(2) or malformed json (3) or unsupported authentication protocol (4)
-* 401 : authentication failed (5)
+* 401 : authentication failed or protocol not supported (5). The response in that case will contain WWW-Authenticate headers (one per supported scheme)
 * 405 : unsupported method (6)
 * 406 : unacceptable - the client asked for an Accept we don't support (7)