OAuth

Authorizing an OAuth app

When authorizing an OAuth app, a GET request must be sent to the /login/oauth/authorize endpoint, with the following parameters.

GET https://djinn-ci.com/login/oauth/authorize

NAME DESCRIPTION
client_id The client ID you received from Djinn CI when you created a new app.
redirect_uri The URL in your app where users will be sent once authenticated.
scope A space delimited list of scopes.
state An optional random string used to protect from CSRF attacks.

Once the user has allowed your app access to their Djinn CI account, they will be redirected to the redirect_uri of your app. A temporary code will be passed in the redirect_uri; this will expire after 10 minutes. If a state was given during authentication, then this will be sent back too, and should be checked on your end. If this state does not match the one you sent, then you should abort immediately.

Extract the code from the redirect_uri and exchange it for an access token, with the following parameters,

POST https://djinn-ci.com/login/oauth/token

NAME DESCRIPTION
client_id The client ID you received from Djinn CI when you created a new app.
client_secret The client secret you received from Djinn CI when you created a new app.
code The code you received during the redirect back to your app.

The parameters sent to the endpoint should be URL encoded. By default, the response will be URL encoded like so,

access_token=1a2b3c&token_type=bearer&scope=build:read,write

A JSON response can be received by setting the Accept header to application/json,

{
    "access_token": "1a2b3c",
    "token_type": "bearer",
    "scope": "build:read,write"
}

Token scopes

A scope dictates the sort of access you need to the API. A single scope is made up of a resource, and the permissions for that resource. There are three permissions that a resource can have,

PERMISSION DESCRIPTION
read Allow a user to get a resource.
write Allow a user to create or edit a resource.
delete Allow a user to delete a resource.

Each individual scope is represented as <resource>:<permission>,..., for example,

build:read,write,delete namespace:read,write

The above scope would grant the user the ability to view, create, and kill builds, and view, create, and edit namespaces.
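
The client side of the flow described above, as an added example (not code from Djinn CI): it builds the authorize URL with a fresh state, checks the state on the callback before accepting the code, and parses the token response in both encodings, including the scope string. The function names, the app.example callback URL and the assumption that the callback carries code and state as query parameters are illustrative and not taken from this page.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://djinn-ci.com/login/oauth/authorize"

def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state). Store state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Check state, then return the temporary code. Abort on any mismatch."""
    # Assumption: the callback carries `code` and `state` as query parameters.
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a missing or empty state never matches.
    if not expected_state or not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch, aborting authorization")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def parse_scope(scope):
    """Turn 'build:read,write namespace:read' into {'build': {'read', 'write'}, ...}."""
    granted = {}
    for item in scope.split():
        resource, _, perms = item.partition(":")
        perms = set(perms.split(","))
        if not resource or perms - {"read", "write", "delete"}:
            raise ValueError(f"malformed scope: {item!r}")
        granted.setdefault(resource, set()).update(perms)
    return granted

def parse_token_response(body, content_type):
    """Parse the token response in either encoding shown on the page."""
    if content_type.startswith("application/json"):
        data = json.loads(body)
    else:
        data = {k: v[0] for k, v in parse_qs(body).items()}
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    data["scope"] = parse_scope(data.get("scope", ""))
    return data
```

Compare the parsed scope against what you requested before using the token, so that a narrower grant is noticed up front.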