Preface

Open Authorization (OAuth2) is an open standard that lets a user grant third-party applications access to private information the user has stored on a site (such as photos, videos or contact lists) without handing the user name and password to those applications.

OAuth2 allows users to provide a token, rather than a username and password, to access the data they store with a particular service provider. Each token grants a specific site (for example, a video editing site) access to a specific resource (for example, just a video in a photo album) for a specific period of time (for example, the next 2 hours). In this way, OAuth lets users authorize third-party sites to access specific information they store with another service provider, but not all of it.

Understanding the OAuth2 protocol

OAuth2 defines four roles:

  1. Resource Owner
  2. Client / Third-party Application (Client / App)
  3. Resource Server
  4. Authorization Server

The client application must first register with the authorization server associated with the resource server. This is usually a one-time task; once registered, the registration remains valid unless the client asks for it to be cancelled. At registration time the authorization server assigns the client application a client ID and a client secret (password). The client ID and secret are unique to that client application on that authorization server.

Typical flows

  • Authorization Code Grant

In authorization code mode, a third-party application first requests an authorization code and then uses that code to obtain a token.

This is the most common and the most secure flow, and it suits Web applications that have a back end. The authorization code passes through the front end, but the token is stored in the back end and all communication with the resource server happens there. This separation of front end and back end keeps the token from leaking.

  • Implicit Grant

Some Web applications are pure front-end applications without a back end. In this case the method above cannot be used and the token has to be stored in the front end. RFC 6749 provides a second approach that allows tokens to be issued directly to the front end. This approach has no intermediate authorization-code step, so it is called “implicit”.

  • Password Credentials Grant

RFC 6749 also allows users to give their user name and password directly to an application they trust highly. The application uses the password to request a token; this is the “password” grant.

  • The Client Credentials Grant

The last method is the client credentials grant, which suits command-line applications without a front end that need a token from the command line.
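As an added example (not from the original article and not Tuya's code), the following Python simulation plays the authorization server, the resource server and the registered client in one process for the authorization code and client credentials grants described above. It shows the checks the authorization server performs at each step: a code is short-lived, single-use, bound to the client and redirect URI it was issued for, and can only be exchanged by the party that holds the client secret, which is why a code that passes through the front end is not enough on its own to obtain a token. All identifiers, redirect URIs, scopes and lifetimes are constructed for the example.

```python
"""Toy simulation of the OAuth2 authorization-code and client-credentials grants.

Added example, not Tuya's code and not a real authorization server: one object
plays the authorization server and resource server so each check is visible.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Token:
    value: str
    scope: set
    expires_at: float


class AuthorizationServer:
    CODE_TTL = 60           # authorization codes live for one minute (constructed value)
    TOKEN_TTL = 2 * 3600    # "the next 2 hours" from the text

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, redirect_uri)
        self.codes = {}     # code -> {client_id, redirect_uri, scope, expires_at}
        self.tokens = {}    # token value -> Token

    def register(self, redirect_uri):
        """One-time client registration: returns the assigned client ID and secret."""
        client_id = secrets.token_hex(8)
        client_secret = secrets.token_urlsafe(32)
        self.clients[client_id] = (client_secret, redirect_uri)
        return client_id, client_secret

    def authorize(self, client_id, redirect_uri, scope):
        """Front-channel step: the resource owner has consented, issue a single-use code."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": set(scope), "expires_at": time.time() + self.CODE_TTL}
        return code

    def _check_secret(self, client_id, client_secret):
        known = self.clients.get(client_id)
        if known is None or not secrets.compare_digest(known[0], client_secret):
            raise PermissionError("invalid client credentials")

    def token(self, grant_type, client_id, client_secret, code=None, redirect_uri=None, scope=()):
        """Back-channel step: only the back end, which holds the secret, can call this."""
        self._check_secret(client_id, client_secret)
        if grant_type == "authorization_code":
            entry = self.codes.pop(code, None)          # pop: a code is redeemable exactly once
            if entry is None or entry["expires_at"] < time.time():
                raise PermissionError("invalid or expired code")
            if entry["client_id"] != client_id or entry["redirect_uri"] != redirect_uri:
                raise PermissionError("code was not issued to this client/redirect_uri")
            granted = entry["scope"]
        elif grant_type == "client_credentials":
            granted = set(scope)                        # no resource owner is involved
        else:
            raise ValueError("unsupported grant_type")
        tok = Token(secrets.token_urlsafe(32), granted, time.time() + self.TOKEN_TTL)
        self.tokens[tok.value] = tok
        return tok

    def introspect(self, value, required_scope):
        """Resource-server check: token known, not expired, and carrying the scope."""
        tok = self.tokens.get(value)
        return tok is not None and tok.expires_at > time.time() and required_scope in tok.scope


def run_authorization_code_flow():
    """Returns (token_scoped_correctly, code_replay_rejected, secret_required)."""
    srv = AuthorizationServer()
    cb = "https://app.example/cb"                       # constructed redirect URI
    client_id, client_secret = srv.register(cb)
    code = srv.authorize(client_id, cb, ["video:read"])
    tok = srv.token("authorization_code", client_id, client_secret, code=code, redirect_uri=cb)
    scoped = srv.introspect(tok.value, "video:read") and not srv.introspect(tok.value, "video:write")
    try:                                                # redeeming the same code again must fail
        srv.token("authorization_code", client_id, client_secret, code=code, redirect_uri=cb)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    code2 = srv.authorize(client_id, cb, ["video:read"])
    try:                                                # a code without the client secret is useless
        srv.token("authorization_code", client_id, "wrong-secret", code=code2, redirect_uri=cb)
        secret_required = False
    except PermissionError:
        secret_required = True
    return scoped, replay_rejected, secret_required


def run_client_credentials_flow():
    """Returns (token_usable, wrong_secret_rejected) for a front-end-less client."""
    srv = AuthorizationServer()
    client_id, client_secret = srv.register("https://cli.example/unused")
    tok = srv.token("client_credentials", client_id, client_secret, scope=["device:list"])
    usable = srv.introspect(tok.value, "device:list")
    try:
        srv.token("client_credentials", client_id, "wrong-secret", scope=["device:list"])
        rejected = False
    except PermissionError:
        rejected = True
    return usable, rejected
```

The `pop` in the token endpoint is the detail worth noticing: because the code is deleted the moment it is exchanged, a code observed in the front channel cannot be redeemed a second time, and even the first redemption needs the client secret that only the back end holds.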

Tuya's main authorization modes

The cloud development platform provides devices with different communication capabilities to support makers and manufacturers in home, business and urban scenarios. Building on Tuya's mature IoT services and the different integration scenarios, it offers several integration (docking) modes.

  • Simple mode (implicit authorization): the cloud development platform provides an integration method based on the OAuth 2.0 protocol. Developers apply for a cloud API on the Tuya AI+IoT development platform, call the Tuya API according to its interface specification, obtain their own user and device data, and control devices within the granted permissions.

    Note: For example, developers can link their Tuya Smart App user account to the platform by scanning (or create OEM applications and products) and obtain user data or device data through that account.

  • Authorization code mode (explicit authorization): after a cloud API key has been applied for on the cloud development platform, developers can invoke the Tuya open interface according to the Tuya API interface specification to obtain resource data under that authorization.

    Note: The authorization code mode is mainly used in scenarios where no OEM application has been created on the Tuya AI+IoT development platform.

OAuth2 on the Tuya Cloud development platform

  • Tuya Cloud development platform

  • Documentation and Usage

Easy to use and operate

The cloud development platform is Tuya's open IoT cloud platform. It provides cloud services, including an OpenAPI, for application developers, device manufacturers and solution providers in many industries, covering the general capabilities of core scenarios such as device control, whole-house management and scene automation. It also integrates PaaS capabilities for vertical fields such as smart security, smart business, smart community, smart hotel and smart apartment. Based on the cloud development platform and its supporting technical services, developers can quickly build smart city, smart business, smart industry and other industry solutions around Powered by Tuya devices.

On the Tuya Cloud development platform you must first create a project before you can use the APIs the platform provides. A cloud development project is a collection of IoT platform resources (devices, API permissions, data assets and so on) that is isolated from other projects. Each project is given a unique Client ID and Client Secret.

The ID and Secret play a role similar to the public and private key schemes used in other protocols. Using a programming language you are familiar with, you combine the ID and Secret to add a signature to each request you make, thereby proving your identity to the Tuya development platform.

These operations on the Tuya development platform correspond to steps (1), (2), (3) and (4) in the figure above. On the development platform we obtain an Access Token through the ID and Secret.

With the Access Token in hand, developers implement their own business logic by calling the APIs. Device status monitoring is provided through message queues, so that third-party developers can watch device status and build linkage between different devices.

Rich resources and interfaces

Network configuration (pairing) management

As the network configuration modes of products grow richer, the cloud development platform keeps pace with the mainstream ones and provides permission-management interfaces for the different modes, such as Wi-Fi pairing, Bluetooth pairing, and Bluetooth & Wi-Fi dual-mode pairing.

API list

Method  API                                              Device type      Description
POST    /v1.0/device/paring/token                        General devices  Generate a network configuration (pairing) token.
GET     /v1.0/device/paring/tokens/{token}               General devices  Obtain the list of devices that joined the network.
PUT     /v1.0/devices/{device_id}/enabled-sub-discovery  Zigbee devices   Open the gateway so that sub-devices can join the network.
GET     /v1.0/devices/{device_id}/list-sub               Zigbee devices   Get the list of currently connected sub-devices.
GET     /v1.0/devices/{device_id}/sub-devices            Zigbee devices   Get the list of sub-devices under the gateway.

Device control

Interfaces for getting a device's instruction set, specification attributes and latest status, and for sending instructions to the device.

Method  API                                       Description
GET     /v1.0/functions/{category}                Get the instruction set by category
GET     /v1.0/devices/{device_id}/functions       Get the instruction set by device
GET     /v1.0/devices/{device_id}/specifications  Get device specification attributes (instruction set and status set)
POST    /v1.0/devices/{device_id}/commands        Send instructions to the device
GET     /v1.0/devices/{device_id}/status          Obtain the latest device status
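The paragraph on combining the Client ID and Client Secret into a per-request signature, and the device control table above, can be illustrated together. The following Python is an added example, not Tuya's SDK and not Tuya's documented signature algorithm: it assumes a generic scheme in which the client secret keys an HMAC-SHA256 over the client ID, a millisecond timestamp, a random nonce, the HTTP method, the path and the SHA-256 of the body, and the server recomputes that value. The timestamp window and the nonce cache are what stop a captured request from being replayed. The device id, command body, token path and credentials are all constructed placeholders; the `/v1.0/devices/{device_id}/commands` path itself comes from the table above.

```python
"""Signing an API request with a Client ID and Client Secret, and verifying it.

Added example with an assumed signature scheme; not Tuya's SDK or algorithm.
"""
import hashlib
import hmac
import json
import secrets
import time


def string_to_sign(method, path, body):
    """Canonical request: method, path and SHA-256 of the body, newline separated."""
    body_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return "\n".join([method.upper(), path, body_hash])


def sign_request(client_id, client_secret, method, path, body="", t_ms=None, nonce=None):
    """Headers the client attaches; the secret itself never goes on the wire."""
    t_ms = int(time.time() * 1000) if t_ms is None else t_ms
    nonce = secrets.token_hex(8) if nonce is None else nonce
    message = client_id + str(t_ms) + nonce + string_to_sign(method, path, body)
    sig = hmac.new(client_secret.encode("utf-8"), message.encode("utf-8"),
                   hashlib.sha256).hexdigest().upper()
    return {"client_id": client_id, "t": str(t_ms), "nonce": nonce,
            "sign_method": "HMAC-SHA256", "sign": sig}


class SignatureVerifier:
    """Server side: look up the client's secret, recompute the signature, compare."""

    def __init__(self, secrets_by_client_id, max_skew_ms=5 * 60 * 1000):
        self.secrets = secrets_by_client_id
        self.max_skew_ms = max_skew_ms
        self.seen_nonces = set()    # toy replay cache; a real server expires entries

    def verify(self, headers, method, path, body, now_ms):
        secret = self.secrets.get(headers.get("client_id"))
        if secret is None:
            return False                                 # unknown client
        try:
            t_ms = int(headers["t"])
        except (KeyError, ValueError):
            return False
        if abs(now_ms - t_ms) > self.max_skew_ms:
            return False                                 # stale or future-dated request
        nonce = headers.get("nonce", "")
        if not nonce or nonce in self.seen_nonces:
            return False                                 # replay of a request already seen
        expected = sign_request(headers["client_id"], secret, method, path, body, t_ms, nonce)["sign"]
        if not hmac.compare_digest(expected, headers.get("sign", "")):
            return False                                 # body, path or method was altered
        self.seen_nonces.add(nonce)
        return True


def demo():
    """Returns (accepted, tampered_accepted, replay_accepted, stale_accepted)."""
    client_id, client_secret = "demo_client_id", "demo_client_secret"   # constructed
    verifier = SignatureVerifier({client_id: client_secret})
    path = "/v1.0/devices/vdevo0000000001/commands"                      # constructed device id
    body = json.dumps({"commands": [{"code": "switch_1", "value": True}]},
                      separators=(",", ":"))                              # constructed command
    now = 1_700_000_000_000
    headers = sign_request(client_id, client_secret, "POST", path, body, t_ms=now, nonce="abc123")
    accepted = verifier.verify(headers, "POST", path, body, now + 1000)
    tampered = verifier.verify(headers, "POST", path, body.replace("true", "false"), now + 1000)
    replayed = verifier.verify(headers, "POST", path, body, now + 2000)
    token_path = "/v1.0/token"                                           # constructed token path
    stale_headers = sign_request(client_id, client_secret, "GET", token_path,
                                 t_ms=now - 10 * 60 * 1000)
    stale = verifier.verify(stale_headers, "GET", token_path, "", now)
    return accepted, tampered, replayed, stale


if __name__ == "__main__":
    print(demo())
```

Because the body hash is part of the signed string, changing a single value in the command payload invalidates the signature, and because the nonce is recorded on first use, resending the identical signed request is rejected even inside the timestamp window.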

Device management

You can sign up for the Tuya IoT platform to explore how Tuya builds on OAuth2 in practice on the developer platform, and to try the many interfaces it offers developers.

References and further reading

(1) A simple explanation of OAuth2.0

(2) Four ways of OAuth2.0

(3) OAuth2.0 Wiki documentation

(4) Authorization management on the Tuya Cloud development platform