CPA

[Smart device] Register

The device starts the registration process by sending some information about itself:

curl -X "POST" "http://IDP_HOST/register" \
     -H 'Content-Type: application/json' \
     -d $'{
  "software_id": "cpa-test-client",
  "software_version": "1.0.0",
  "client_name": "My test device"
}'

Should respond with a 'client_id' and a 'client_secret'.

{"client_id":"123","client_secret":"12312312312312312312312312312312"}

[Smart device] Associate

The device now requests an association code:

curl -X "POST" "http://IDP_HOST/associate" \
     -H 'Content-Type: application/json' \
     -d $'{
  "client_id": "123",
  "client_secret": "12312312312312312312312312312312",
  "domain": "cpa.rts.ch"
}'

Should respond with a code and a verification URI:

{  
   "device_code":"12345678-1234-1234-1234-123456789abc",
   "user_code":"1234567",
   "verification_uri":"http://IDP_HOST/verify",
   "interval":5,
   "expires_in":3599
}

[Smart device] Polling

After the device has requested an association, it starts polling the service while waiting for the user to validate the code on the web:

curl -X "POST" "http://IDP_HOST/token" \
     -H 'Content-Type: application/json' \
     -H 'Cookie: identity.provider.sid=s%3AaD2HUH8GiRy1-IbJxuyNipRjjgD0qsZy.GsjSJ8w%2FMEiCtHLsDmWdpi566szp3ONEezi7WYkJfzA' \
     -d $'{
  "client_id": "123",
  "domain": "cpa.rts.ch",
  "device_code": "12345678-1234-1234-1234-123456789abc",
  "client_secret": "12312312312312312312312312312312",
  "grant_type": "http://tech.ebu.ch/cpa/1.0/device_code"
}'

The server should respond with authorization_pending as long as the user hasn't "verified" the device code:

{"reason":"authorization_pending"}

[User browser] Verify device code

The user may go to the verification URL (see [Smart device] Associate) and validate the code (the user has to be logged in).

In the current sample, the URL is http://IDP_HOST/verify and the code is 1234567.

Another way is to create a URI for direct verification, e.g. for QR codes. Issue a GET request to the IDP and add user_code and redirect_uri as GET parameters, for example: http://IDP_HOST/verify?user_code=1234567&redirect_uri=/profile. This shows a verification screen without the need to type in the code, and redirects to the given URI after the user has accepted or declined the pairing request.

[Smart device] Obtain a bearer token

As soon as the user has validated the code, the polling request should return:

{  
   "access_token":"123456789abcdef123456789abcdef12",
   "token_type":"bearer",
   "expires_in":86399,
   "domain":"cpa.rts.ch",
   "domain_display_name":"CPA",
   "user_name":"John Doe"
}
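
The polling step and the token response above, as an added example (not code from the original page or from the CPA project): a device-side loop that honours interval and expires_in from the association response and accepts only a bearer token issued for the requested domain. The post transport, PairingError and fake_idp are hypothetical names, and the fake IdP's replies are constructed from the sample values above.

```python
import time

GRANT_TYPE = "http://tech.ebu.ch/cpa/1.0/device_code"  # value from the page


class PairingError(Exception):
    """The IdP answered with something other than 'pending' or a valid token."""


def poll_for_token(post, client, association, domain,
                   sleep=time.sleep, now=time.monotonic):
    """Poll /token until the user verifies the code or the code expires.

    post(path, body) -> dict is a hypothetical transport that sends a JSON
    POST to the IdP and returns the decoded JSON response.
    """
    deadline = now() + association["expires_in"]
    body = {
        "client_id": client["client_id"],
        "client_secret": client["client_secret"],
        "domain": domain,
        "device_code": association["device_code"],
        "grant_type": GRANT_TYPE,
    }
    while now() < deadline:
        reply = post("/token", body)
        if "access_token" in reply:
            # Accept only a bearer token issued for the domain we asked for.
            if reply.get("token_type") != "bearer" or reply.get("domain") != domain:
                raise PairingError("token does not match the request")
            return reply
        if reply.get("reason") != "authorization_pending":
            raise PairingError("unexpected response: %r" % reply.get("reason"))
        sleep(association["interval"])  # never poll faster than the IdP asked
    raise TimeoutError("device_code expired; request a new association")


def fake_idp(pending_replies):
    """Constructed stand-in for the IdP: N pending replies, then the sample token."""
    state = {"left": pending_replies}
    def post(path, body):
        if state["left"] > 0:
            state["left"] -= 1
            return {"reason": "authorization_pending"}
        return {"access_token": "123456789abcdef123456789abcdef12",
                "token_type": "bearer", "expires_in": 86399,
                "domain": body["domain"], "user_name": "John Doe"}
    return post
```

The error path reports only the reason field, so the client_secret and device_code in the request body never reach a log line.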

Accessing a secured service

GET History

The user can access the authenticated history or playlist APIs. Those APIs support several Authorization: Bearer <token> modes (OAuth token or CPA token), so the user has to provide an additional header to tell the API to check the token against CPA: Token-Type: cpa

curl "http://HISTORY_API_HOST/historyapi" \
     -H 'Authorization: Bearer 123456789abcdef123456789abcdef12' \
     -H 'Token-Type: cpa'

Should respond with some history data:

{  
   "data":[  
      {  
         "id":817432,
         "item_id":"urn:rts:video:9661840",
         "date":1529497792523,
         "last_playback_position":12.071572,
         "device_id":"srg-player"
      },
      {  
         "id":804676,
         "item_id":"urn:rts:video:9200409",
         "date":1527233736248,
         "last_playback_position":2.754293,
         "device_id":"srg-player"
      },
      {  
         "id":299747,
         "item_id":"urn:rts:video:8933496",
         "date":1505913331000,
         "last_playback_position":0.0,
         "device_id":null
      }
   ],
   "total":3,
   "next":null
}