OAuth2/en

From Ace Stream Wiki
Jump to: navigation, search

OAuth2 protocol allows third-party sites to get a limited access to personal data of Ace Stream user, such as e-mail and a public key of the user.

What do you need to work with Ace Stream OAuth2

To get ability to use Ace Stream OAuth2, you have to register as a reseller in Ace Stream system. Resellers are able to create markets - usually, these are sites through which options are sold to users. Each market gets access to OAuth2.

Common work scheme

Reseller publishes on his site a link with a name like "Log in via Ace Stream", which leads here:

https://accounts.acestream.net/oauth/v2/auth?client_id=[CLIENT_ID]&response_type=code&redirect_uri=[REDIRECT_URI]&scope=userkey+email

The following parameters are inserted in the link:

  • [CLIENT_ID] - market's identifier, which the reseller can find out in settings of his market
  • [REDIRECT_URI] - link, to which the user will be redirected after a successful login. This link has to be listed in Redirect URI in market's settings

After following this link, the user is authorized in Ace Stream system and then redirected to the specified [REDIRECT_URI].

If during authorization an error was occurred, parameters error error_description describing the error are sent to [REDIRECT_URI].

After successful authentication parameter code is passed: this is an authorization code for getting access_token.

After receiving the code third-party site should get access_token. For this POST-request with the following parameters is sent to https://accounts.acestream.net/oauth/v2/token:

  • client_id - market's identifier
  • client_secret - secret market key (you can find it out in market's settings)
  • code - confirmation code obtained earlier
  • grant_type - string "authorization_code"
  • redirect_uri - link specified in the first request

Response to this request is sent in JSON format.

In case of an error field error_description with error decription is present in the response.

If successful, the access token in the field access_token is sent in the response.

Using the access token third-party site is able to get e-mail and public key of the user. For this GET-request with the following parameters is sent to https://accounts.acestream.net/oauth/api:

  • method - string "getUserInfo"
  • access_token - access token obtained earlier

If the request was successful, user's data in JSON format are sent in response:

{
  "user": {
    "email": "USER_EMAIL",
    "key": "USER_KEY"
  }
}