I’m working on building a client to work with our customers Particle devices (Controleverything.com), We initially built a JS client called Mobicle, and eventually decided to provide a more full featured solution that wasn’t client side, and provided some additional security, and customization options.
I’ve been working on the authentication flow for this new “Mobicle” and am a little stumped, I tried mimicking the IFTTT flow to allow for particle login and token creation for our client (I have created an organization and have a UI for creating clients already that works nicely), the problem is in the redirect after the user logs in at particle, and approves the scope, I receive a code back, but I’m not rightly sure how to proceed. I initially thought it was an access token, but it clearly isn’t (or at least isn’t being attached to the user account).
I also have set up the ability to create customers and attach products to them through the UI, but this is a little beyond the scope of what our intended use is.
As a side note, this project while no longer client side, is still open source. I plan on posting most of what I have Monday to github after a bit of cleanup, it is built as a suite of modules for Drupal, so setup is pretty painless. We really appreciate all the awesome work you guys have done and continue to do and hope we can help by contributing whatever we can!
I’d love to move this forward but could really use some guidance, I know everyone has a lot on their plate right now, but I would appreciate any help you could provide!
Ok, I should have read up a little more before this post, apparently I wasn’t totally educated on the authorization code flow. So I guess what I need to know is how do I exchange the code for an access token?
And I figured it out… Sorry to clutter the forum!
If you wouldn’t mind sharing, others might be able to benefit from your findings?
Sorry, should have posted this yesterday after I figured it out. So this assumes you have an organization (created through the Particle dashboard) and have created a client for it. The flow I’m using basically goes like this:
The variables referred to shouldn’t actually be wrapped in
, and are:
- [client_id] = the unique ID particle returns when you create a client
- [client_secret] = the secret code returned after the creation of a client
- [scope] = As explained in the link above (it says only create_customer is valid, but I’m sending the name of my app and it asks for full permissions)
- [state] = I am sending a random key that is associated with the user currently logged in to my app, this is returned in the redirect (I use session authentication as well, it’s obviously not secure to assume an identity based on a plain text token passed in a get request)
- [code] = The code returned after step 1
Direct user to particle to login
- User will enter their credentials and be asked to accept the permissions the client is requesting (presumably controlled by the “scope” parameter).
Particle will redirect after the, user logs in, to an https (protocol MUST be https) endpoint defined when you create your client with 2 things in the query string, a “code” and the “state” you sent.
Send POST to particle API with the code
- For consistency sake I’ll post this like the other POST requests in the docs, using curl:
curl https://api.particle.io/oauth/token -u [client_id]:[client_secret] -d grant_type=authorization_code -d code=[code]
Particle’s response will match the response shown in the docs for generating an access token
Your client can now use that access token for the user exactly as you normally would.
I hope this helps someone else! We are super excited to be able to set up a client to give our customers a simple interface for interacting with their Particle devices, not to mention our devices they have connected to their Photons and Electrons.
Thank you guys for all the awesome work, and for providing everyone with this community to interact with each other through!