When authorizing an OAuth app, a GET request must be sent to the `/login/oauth/authorize` endpoint, with the following parameters.
GET https://djinn-ci.com/login/oauth/authorize
NAME | DESCRIPTION |
---|---|
| The client ID you received from Djinn CI when you created a new app. |
| The URL in your app where users will be sent once authenticated. |
| A space delimited list of scopes. |
| An optional random string used to protect from CSRF attacks. |
Once the user has allowed your app access to their Djinn CI account, they will be redirected to the `redirect_uri` of your app. A temporary `code` will be passed in the `redirect_uri`; this will expire after 10 minutes. If a `state` was given during authentication, then this will be sent back too, and should be checked on your end. If this state code does not match then you should abort immediately.
Extract the `code` from the `redirect_uri` and exchange it, with the following parameters,
POST https://djinn-ci.com/login/oauth/token
NAME | DESCRIPTION |
---|---|
| The client ID you received from Djinn CI when you created a new app. |
| The client secret you received from Djinn CI when you created a new app. |
| The code you received during the redirect back to your app. |
The parameters sent back to the endpoint should be encoded as a URL string. By default, the response will be URL encoded like so,
access_token=1a2b3c&token_type=bearer&scope=build:read,write
A JSON response can be received by setting the `Accept` header to `application/json`,
{
"access_token": "1a2b3c",
"token_type": "bearer",
"scope": "build:read,write"
}
A scope dictates the sort of access you need to the API. A single scope is made up of a resource, and the permissions for that resource. There are three permissions that a resource can have,
PERMISSION | DESCRIPTION |
---|---|
read | Allow a user to get a resource. |
write | Allow a user to create or edit a resource. |
delete | Allow a user to delete a resource. |
Each individual scope is represented as `<resource>:<permission>,...`, for example,
build:read,write,delete namespace:read,write
The above scope would grant the user the ability to view, create, and kill builds, and view, create, and edit namespaces.