README
Guide will go here
console.log('hello world');
Using OAuth 2.0 to Access QuantiModo APIs
Quantimodo APIs use the OAuth 2.0 protocol for authentication and authorization. To begin, obtain OAuth 2.0 client credentials from QuantiModo Developer Registration Portal. Once you have our reply with the credentials, Then your client application should request an access token from the QuantiModo Server, then extract the token from the response, and send the token to the QuantiModo API for further method calls.
Basic Steps
All applications follow a basic pattern when accessing QuantiModo API using oAuth 2.0. At a high level, you follow four steps:
1. Obtain OAuth 2.0 credentials from the QuantiModo Developer Registration Portal.
Visit the QuantiModo Developer Registration Portal to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both QuantiModo API.
2. Obtain an access token from the Authorization Server.
Before your application can access data using QuantiModo API, it must obtain an access token that grants access to the API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.
3. Send the access token to API.
After an application obtains an access token, it sends the token to the QuantiModo API in an HTTP authorization header.
Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for only reading data, it does not grant access to making changes to data.
4. Refresh the access token, if necessary.
Access tokens have limited lifetimes. If your application needs access to QuantiModo API beyond the lifetime of a single access token, it can make use of the refresh token. A refresh token allows your application to obtain new access tokens.
Token Expiration
You should write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:
- The user has revoked access.
- The token has not been used for the maximum threshold time.
- The user account has exceeded a certain number of token requests.
Implementation Guide
1. Register your application.
Register your client Application With QuantiModo Developer Registration Portal.
For Web-apps, make sure to give a live
Redirect URL. QuantiModo will return theAccess Tokenas a Query Parameter at thetoken.
For Mobile-Web apps such as
Ionic/PhoneGapyou can give any placeholder URL as a Redirect URL such ashttp://localhost/callback, as we will only make use of it as a signal that the device has received an access token.
2. Send Authorization Request.
Head over to GET Authorization Token section of the QuantiModo API.
For Web apps navigate the user to
https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorizewith the required headers such as yourclient_idandclient_secret. Set theresponse_typetocodefor allowing us to get theauthorization tokenthrough another request.
You can redirect simply:
// to redirect the same webpage
window.location.href = “https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorize?response_type=code&client_id=some_id&client_secret=our_secret”;
This will redirect the user to the login page, where user can login and when user grant’s permissions, it will redirect back to the URL your client app has provided as the Redirect URL
For Mobile Web apps: We can make use of the cordova plugin
InAppBrowserto open the url.InAppBrowserlet’s you open the native browser on top of your app with a seamless experience.
Add the plugin by running this command:
cordova plugin add https://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser.git
Once done, you can open a url simply by calling
var url = “https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorize?response_type=code&client_id=some_id&client_secret=our_secret”;
var ref = window.open(url,’_blank’);
This will open the browser on top of your app which will ask the user to login and authorize the permission, upon user’s submission, the browser will then redirect to the redirect url your app has provided before.
3. Extract Token from the Url
Web apps can extract the authorization_token from the url, when they are navigated back to the URL provided as the redirect_url.
They can do it via:
var getUrlParameter = function (url, sParam) {
var sPageURL = url.split(‘?’)[1];
var sURLVariables = sPageURL.split(‘&’);
for (var i = 0; i < sURLVariables.length; i++)
{
var sParameterName = sURLVariables[i].split(‘=‘);
if (sParameterName[0] == sParam) return sParameterName[1];
}
return false;
};
var code = getUrlParameter(window.location.href.toString(),’code’);
var error = getUrlParameter(window.location.href.toString(),’error’);
Mobile web apps should listen on the
loadstartevent of the InAppBrowser and match the url with the redirect URL, using it as a signal that the server has responded.
To achieve that,
javascript
// extract url parameters
// returns the value of the search term or false
var getUrlParameter = function (url, sParam) {
var sPageURL = url.split(‘?’)[1];
var sURLVariables = sPageURL.split(‘&’);
for (var i = 0; i < sURLVariables.length; i++)
{
var sParameterName = sURLVariables[i].split(‘=‘);
if (sParameterName[0] == sParam) return sParameterName[1];
}
return false;
};
// open InAppBrowser
var ref = window.open(url,’_blank’);
// Listen on loadstar event
ref.addEventListener(‘loadstart’, function(event) {
if(event.url.indexOf(“/callback”)!== -1) {
if(!utilsService.getUrlParameter(event.url,’error’)) {
var token = getUrlParameter(event.url, ‘code’);
// Got the Authorization Token
ref.close();
} else {
console.log(getUrlParameter(event.url, ‘error’));
ref.close();
}
}
});
# 4. Send the Authorization Token to Receive a Request Token.
* Head over to `https://www.mashape.com/quantimodo/quantimodo#get-access-token` for the QuantiModo’s API call for generating Access Tokens.
* Make a `GET` request to `https://quantimodo-quantimodo-v1.p.mashape.com/api/oauth2/token` with the authorization token as a query parameter and a client_id and client_secret as before. (with other optional parameters. [`See docs`](https://www.mashape.com/quantimodo/quantimodo#get-access-token)) You will receive the access Token which can be used to make any other API requests that you wish to make.
# 5. Make other API requests with the request Token attached as a Header.
You should attach `Authorization` header with a value of `Bearer sample_access_token`
```javascript
var request = {
method : 'GET',
url: 'api/sample',
responseType: 'json',
headers : {
"Authorization" : "Bearer " + token.access_token,
'Content-Type': "application/json"
}
};
$http(request).success(function(response){
// do something with the response
});
##Refreshing the token
Once you receive the token as a repsonse from api/oauth2/token your application should make use of the expires_in value in response. This represents the time in after when the token is going to expire, make sure that you refresh the token before the token expires.
To
renewan expired token you can make the call toapi/oauth2/tokenwithrefresh_tokenas a parameter, this time you will have to set thegrant_typetorefresh_token.
// example refrefh_token request
$http.post('api/oauth2/token', {
client_id : 'my_client_id',
client_secret : 'my_client_secret',
refresh_token: localStorage.refresh_token || 'my_refresh_token',
grant_type: 'refresh_token'
});
You can keep track of the time by calculating expires at in milliseconds EPOCH and storing it.
// calculate expiry time in milliseconds epoch
var expires_in = response.expires_in;
var expires_at = new Date().getTime() + parseInt(expires_in, 10) * 1000 - 60000;
// store the time in localstorage
localStorage.expires_at = expires_at;
// store the access_token in localstorage
localStorage.access_token = response.access_token;
// store the refresh_token in localstorage
localStorage.refresh_token = response.refresh_token;
Now everytime, we make a request to API, we can check it if the token has expired or not i.e current time is greater then expired time or not.
var now = new Date().getTime();
if (now < localStorage.expires_at) {
// valid token
// make requests further
} else {
// invalid token please refresh the token
}