API servera OAuth

 

OAuth Server API

AContent implements the OAuth Core 1.0 specification.

The OAuth protocol enables web service consumers to access protected resources via an API without requiring users to supply the service credentials to the consumers. It's a generic methodology for unobtrusive, wire protocol level authenticated data access over HTTP.

AContent exposes the following API endpoints:

Register consumer

Endpoint:

http://server-cname/oauth/register_consumer.php

Parameters


ParameterDescriptionDefault value
consumer Required. The encoded string of consumer name. None
expire Optional. The length of time in seconds that the access token is valid. The access token expires after this number of seconds since being assigned. When "expire" is set to 0, the access token never expires. 0

Example


Request
 
http://kniznica.sospreskoly.org/oauth/register_consumer.php?consumer=http%3A%2F%2Flocalhost%2Facontent%2F&expire=300

Goal: Registers consumer http://localhost/acontent/ and requests that the assigned access token expires in 5 minutes.

Success response
 
consumer_key=8862a51faa12c1b1&consumer_secret=79d591810c803167&expire=300

consumer_key and consumer_secret are both 16 characters long. expire_threshold confirms the access token expire duration.

Fail response
 
error=Empty+parameter+%22consumer%22

A fail response returns an error message.

Request token

Endpoint:

http://server-cname/oauth/request_token.php

Parameters


Both GET or POST methods are supported.

ParameterDescriptionDefault value
oauth_consumer_key Required. The consumer key. None
oauth_signature_method Required. The signature method the Consumer used to sign the request. None.
Or, One of these values: HMAC-SHA1, RSA-SHA1, and PLAINTEXT.
oauth_signature Required. The signature as defined in Signing Requests. None
oauth_timestamp Required. As defined in Nonce and Timestamp. None
oauth_nonce Required. As defined in Nonce and Timestamp. None
oauth_version OPTIONAL. If present, value MUST be 1.0. 1.0

Example


Request
 
http://kniznica.sospreskoly.org/oauth/request_token.php?oauth_consumer_key=8862a51faa12c1b1&
oauth_signature_method=HMAC-SHA1&oauth_signature=tVWpcskRSY34wxhv%2BP9NcgXuuGk%3D&
oauth_timestamp=1255524495&oauth_nonce=3e43dd6ce0e09614e79e2a4b53e124c8&oauth_version=1.0
Success response
 
oauth_token=086cbfe90b41a7fdf9&oauth_token_secret=55e2bd8454b2f75a21

oauth_token and oauth_token_secret are both 18 characters long.

Fail response
 
error=Consumer+is+not+registered

A fail response returns an error message.

Authorization

Endpoint:

http://server-cname/oauth/authorization.php

Parameters


ParameterDescriptionDefault value
oauth_token Required. The Request Token obtained in the previous step. None
oauth_callback Optional. The Consumer MAY specify a URL the Service Provider will use to redirect the User back to the Consumer along with the request token when Obtaining User Authorization is complete. If this parameter was not given or empty, the message "User was authenticated successfully" will be returned as a success response. 0

Example


Request
 
http://kniznica.sospreskoly.org/oauth/authorization.php?oauth_token=086cbfe90b41a7fdf9&oauth_callback=http%3A%2F%2Fkniznica.sospreskoly.org%2F
Success response

Redirect the User back to the URL specified in oauth_callback along with the send-in request token "oauth_token". If oauth_callback is not given or empty, the message "User was authenticated successfully" will be returned.

Fail response
 
error=Empty+oauth+token

A fail response returns an error message.

Access token

Endpoint:

http://server-cname/oauth/access_token.php

Parameters


ParameterDescriptionDefault value
oauth_consumer_key Required. The consumer key. None
oauth_token Required. The Request Token obtained previously. None.
oauth_signature_method Required. The signature method the Consumer used to sign the request. None.
Or, one of these values: HMAC-SHA1, RSA-SHA1, and PLAINTEXT.
oauth_signature Required. The signature as defined in Signing Requests. None
oauth_timestamp Required. As defined in Nonce and Timestamp. None
oauth_nonce Required. As defined in Nonce and Timestamp. None
oauth_version OPTIONAL. If present, value MUST be 1.0. 1.0

Example


Request
 
http://kniznica.sospreskoly.org/oauth/access_token.php?oauth_consumer_key=8862a51faa12c1b1&oauth_token=086cbfe90b41a7fdf9&
oauth_signature_method=HMAC-SHA1&oauth_signature=tVWpcskRSY34wxhv%2BP9NcgXuuGk%3D&oauth_timestamp=1255524495&
oauth_nonce=3e43dd6ce0e09614e79e2a4b53e124c8&oauth_version=1.0
Success response
 
oauth_token=086cbfe90b41a7fdf9&oauth_token_secret=55e2bd8454b2f75a21

oauth_token and oauth_token_secret are both 18 characters long.

Fail response
 
error=Invalid+oauth+request+token

A fail response returns an error message.

Note that the access token can be reused during the expire threshold is reached. Expire threshold is defined in the register consumer request.

Import Common Cartridge or Content Package into AContent

Until here, with a set of token credentials, the client is now able to import common cartridges or content packages into AContent as a new lesson. The generated course ID is returned at success. Or, an error message is returned at fail.

Endpoint:

http://server-cname/home/ims/ims_import.php

Parameters


ParameterDescriptionDefault value
oauth_token Required. The Access Token obtained previously. None.
url Required. The URL pointing to a zip file of the common cartridge or content package. None.

Example


Request
 
http://kniznica.sospreskoly.org/home/ims/ims_import.php?oauth_token=9941b13ebc574a62d0&
url=http%3A%2F%2Fatutor.ca%2Fdemo%2Fmods%2F_core%2Fimscp%2Fims_export.php%3Fcid%3D0%26c%3D15%26m%3D7478785009a6629d0a5d5b5ff5850eb8
Success response
 
course_id=20

course_id is the number ID of the newly-imported lesson. This ID can be used to view and download the imported lesson. Refer to Web Service API for details.

Fail response
 
error=User+has+no+author+privilege
error=Empty+OAuth+token
error=Invalid+OAuth+token
error=OAuth+token+expired
error=Invalid+imported+file
error=Cannot+create+import+directory
error=IMS+manifest+file+does+not+appear+to+be+valid
error=Error+at+parsing+IMS+manifest+file

A fail response returns an error message. Could be any of the above.