CPA
[Smart device] Register
The device starts the registration process by sending some information about itself:
curl -X "POST" "http://IDP_HOST/register" \
-H 'Content-Type: application/json' \
-d $'{
"software_id": "cpa-test-client",
"software_version": "1.0.0",
"client_name": "My test device"
}'
The server should respond with a 'client_id' and a 'client_secret':
{"client_id":"123","client_secret":"12312312312312312312312312312312"}
[Smart device] Associate
The device now requests an association code:
curl -X "POST" "http://IDP_HOST/associate" \
-H 'Content-Type: application/json' \
-d $'{
"client_id": "123",
"client_secret": "12312312312312312312312312312312",
"domain": "cpa.rts.ch"
}'
The server should respond with a code and a verification URI:
{
"device_code":"12345678-1234-1234-1234-123456789abc",
"user_code":"1234567",
"verification_uri":"http://IDP_HOST/verify",
"interval":5,
"expires_in":3599
}
[Smart device] Polling
After the device has requested an association, it starts polling the service while waiting for the user to validate the code on the web:
curl -X "POST" "http://IDP_HOST/token" \
-H 'Content-Type: application/json' \
-H 'Cookie: identity.provider.sid=s%3AaD2HUH8GiRy1-IbJxuyNipRjjgD0qsZy.GsjSJ8w%2FMEiCtHLsDmWdpi566szp3ONEezi7WYkJfzA' \
-d $'{
"client_id": "123",
"domain": "cpa.rts.ch",
"device_code": "12345678-1234-1234-1234-123456789abc",
"client_secret": "12312312312312312312312312312312",
"grant_type": "http://tech.ebu.ch/cpa/1.0/device_code"
}'
The server should respond with authorization_pending as long as the user has not yet "verified" the device code:
{"reason":"authorization_pending"}
[User browser] Verify device code
The user can go to the validation URL (see [Smart device] Associate) and validate the code (the user has to be logged in).
In the current sample, the URL is http://IDP_HOST/verify and the code is 1234567.
Another way is to create a URI for direct verification, e.g. for QR codes. Issue a GET request to the IDP and add user_code and redirect_uri as GET parameters, for example:
http://IDP_HOST/verify?user_code=1234567&redirect_uri=/profile
This will show a verification screen without the need to type in the code, and redirects to the given URI after the user has accepted or declined the pairing request.
[Smart device] Obtain a bearer token
As soon as the user has validated the code, the polling request should return:
{
"access_token":"123456789abcdef123456789abcdef12",
"token_type":"bearer",
"expires_in":86399,
"domain":"cpa.rts.ch",
"domain_display_name":"CPA",
"user_name":"John Doe"
}
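The device-side polling loop described in the two [Smart device] sections above, as an added Python example that is not part of the original page or of the CPA project. It honours the interval and expires_in values returned by /associate and fails closed on any reply the page does not document. The names poll_for_token, http_post and PairingFailed are hypothetical, and the token_type and domain checks are assumptions added here, not behaviour stated by the page.

```python
import json
import time
import urllib.request

GRANT_TYPE = "http://tech.ebu.ch/cpa/1.0/device_code"  # value taken from the page


class PairingFailed(Exception):
    """Raised when polling must stop without a token (hypothetical name)."""


def http_post(base_url):
    """Return a post(path, body) callable that sends JSON to the IdP."""
    def post(path, body):
        req = urllib.request.Request(
            base_url + path, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return post


def poll_for_token(post, client, assoc, domain,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll /token until the user verifies the code or the code expires."""
    deadline = clock() + assoc["expires_in"]
    body = {"client_id": client["client_id"],
            "client_secret": client["client_secret"],
            "domain": domain,
            "device_code": assoc["device_code"],
            "grant_type": GRANT_TYPE}
    while clock() < deadline:
        reply = post("/token", body)
        if reply.get("reason") == "authorization_pending":
            sleep(assoc["interval"])  # never poll faster than the server asked
            continue
        if "access_token" not in reply:
            # Assumption: anything undocumented ends the pairing. Only the
            # key names are reported, so no secret value reaches a log.
            raise PairingFailed("unexpected reply keys: %s" % sorted(reply))
        if reply.get("token_type", "").lower() != "bearer":
            raise PairingFailed("unexpected token_type")
        if reply.get("domain") != domain:
            raise PairingFailed("token issued for a different domain")
        return reply
    raise PairingFailed("device_code expired before verification")
```

Against a real IdP the call would be poll_for_token(http_post("http://IDP_HOST"), client, assoc, "cpa.rts.ch"), with client and assoc being the parsed /register and /associate responses.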
Accessing a secured service
GET History
The user can access the authenticated history or playlist APIs.
These APIs accept several kinds of token in the Authorization: Bearer <token> header (OAuth token or CPA token), so the user has to provide an additional header to tell the API to check the token against CPA: Token-Type: cpa
curl "http://HISTORY_API_HOST/historyapi" \
-H 'Authorization: Bearer 123456789abcdef123456789abcdef12' \
-H 'Token-Type: cpa'
Should respond with some history data:
{
"data":[
{
"id":817432,
"item_id":"urn:rts:video:9661840",
"date":1529497792523,
"last_playback_position":12.071572,
"device_id":"srg-player"
},
{
"id":804676,
"item_id":"urn:rts:video:9200409",
"date":1527233736248,
"last_playback_position":2.754293,
"device_id":"srg-player"
},
{
"id":299747,
"item_id":"urn:rts:video:8933496",
"date":1505913331000,
"last_playback_position":0.0,
"device_id":null
}
],
"total":3,
"next":null
}