- get access token to use Google and Facebook API (e.g Livestream, Facbook Post...)
- devices can also send access token Cloud. Cloud receives access token to identify owner of devices.
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a user. It is specified in RFC-6749.
Recently, IETF has added an OAuth 2.0 extension draft, which allows IoT devices to login to the service provider. Google and Facebook has supported this extension.
Google Document: OAuth 2.0 for TV and Limited-Input Device Applications
Facebook Document: Facebook Login for Devices
Step 1: Request device and user codes
Step 2: Handle the authorization server response
The return value from authorization server will be used in the next steps
Step 3: Display the user_code and verification_url on a display component (e.g LCD, monitor, LED..)
Step 4: User Login:
- open web browser on any device
- access verification_url
- input user_code
- login to their account
Step 5: Poll authorization server
Device keeps polling authorization server until user logins
After user logins, authorization server will return access token and refresh token to devices
Step 6: Use token to call API ( in my code, get User Profile)
As described in step 3 and 4 of Protocol Flow, we need:
- Display component (such as LCD, Monitor...) to show authorization code and verification url to user
- Web browser to login.
With PHPoC, we need to use ONLY web browser, helping reduce the cost. Authorization code and verification url is also send from device to web browser and shows to user.
This also bring more convenient by replacing manually input verification URL on web browser by clicking on a link.
Note that, we need to distinguish between your project account and user account.One project that you creates on developer account can allows a large number users to login. In development mode, the number of users is limited. Facebook allows only one users in development mode.
Step 1:Create a project on developer console and get credentials
- Google: https://console.developers.google.com/. Credentials are Client ID and Client Secret
- Facebook: https://developers.facebook.com/apps. Credentials are APP ID and Client Token
Step 2: Implement code for devices
see code in code part