When authorizing an OAuth app, a GET request must be sent to the /login/oauth/authorize endpoint, with the following parameters.
GET https://djinn-ci.com/login/oauth/authorize
| NAME | DESCRIPTION |
|---|---|
| The client ID you received from Djinn CI when you created a new app. |
| The URL in your app where users will be sent once authenticated. |
| A space delimited list of scopes. |
| An optional random string used to protect from CSRF attacks. |
Once the user has allowed your app access to their Djinn CI account, they will be redirect to the redirect_uri of your app. A temporary code will be paseed in the redirect_uri, this will expire after 10 minutes. If a state was given during authentication, then this will be sent back too, and should be checked on your end. If this state code does not match then you should abort immediately.
Extract the code from the redirect_uri and exchange it, with the following parameters,
POST https://djinn-ci.com/login/oauth/token
| NAME | DESCRIPTION |
|---|---|
| The client ID you received from Djinn CI when you created a new app. |
| The client secret you received from Djinn CI when you created a new app. |
| The code you recived during the redirect back to your app. |
The parameters sent back to the endpoint should be encoded as a URL string, by default, the response will be URL encoded like so,
access_token=1a2b3c&token_type=bearer&scope=build:read,write
a JSON response cab be received by setting the Accept header to application/json,
{
"access_token": "1a2b3c",
"token_type": "bearer",
"scope": "build:read,write"
}
A scope dictates the sort of access you need to the API. A single scope is made up of a resource, and the permissions for that resource. There are three permissions that a resource can have,
| PERMISSION | DESCRIPTION |
|---|---|
read | Allow au ser to get a resource. |
write | Allow a user to create or edit a resource. |
delete | Allow a user to delete a resource. |
each individual scope is represented as <resource>:<permission>,..., for example.
buid:read,write,delete namespace:read,write
The above scope would grant the user the abillity to view, create, and kill builds, and view, create, and edit namespaces.