I have a few questions as I try and wrap my head around authentication.
Does OAuth always involve Products? Various parts of the tutorial seem to suggest that the answer might be:
a): No, because it says: “You can create OAuth clients on behalf of your Particle user (to interact with devices your account has claimed), or on behalf of a Particle product (to interact with devices in the product fleet).”
b) Yes, because it seems to leave no wiggle room here: “You will create your OAuth client using the Authentication view in your product’s Particle console. For info on how to find the Authentication page and create a client, …”
In a), is the “Particle user” equivalent to customer? Or is customer only used when talking about products?
Also, if a) is correct, is that the reason there are two places where you can create clients in the console – one at the top level, the other within a product?
Finally, when they write productIdOrSlug, what’s a slug?
There are a few concepts to understand and it took me a while and a few questions.
“Particle user” equivalent to customer? Or is customer only used when talking about products?
IMO - Particle User refers to someone with a Particle account. A customer does not need to have a Particle Account to use a Particle device because you can create a Product which uses the product maker's Particle account. There are several ways your Product can interact with the end user and be authenticated.
is that the reason there are two places where you can create clients in the console – one at the top level, the other within a product?
This threw me initially. Depending upon the customer/end user model used, you create an OAuth client and then have to generate an authorisation key. It is a 2-step process.
Finally, when they write productIdOrSlug, what’s a slug?
A slug is the part of a URL which identifies a particular page on a website in an easy-to-read form. In other words, it’s the nice part of the URL, which explains the page’s content. Just insert the productID, e.g. 7676.
Thanks for your response, armor, it’s very helpful. I’m still not quite sure why there are two authentication places, but I’ve got things to work using a product, so I will stick with that.
This is the section from the Device Cloud Authentication Tutorial that is most relevant to answering your question:
A related concept to understand is how Particle uses access tokens for authentication and security. If you have ever logged into the Web IDE, called a function on a Particle device, or read a variable via the API, you are already using access tokens! It is important to note that OAuth credentials are needed to create access tokens.
So you have to create an OAuth client with a secret and then use the client ID and secret with a curl to the Particle Cloud to generate an access token or key. If you have navigated through this and it is working then you must have understood it!
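The second step described in the reply above (client ID and secret exchanged for an access token), as an added example that is not part of the original thread or Particle's own code. It assumes the Particle Cloud token endpoint `https://api.particle.io/oauth/token` with `grant_type=client_credentials` and the `expires_in` parameter; the function names and the sample response are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: exchange Particle OAuth client credentials for an access token.
# Function names and the sample response are constructed for illustration.

TOKEN_URL="https://api.particle.io/oauth/token"

# Constructed sample of a token response, used to exercise the parser offline.
SAMPLE_RESPONSE='{"token_type":"bearer","access_token":"constructed-token-0123abcd","expires_in":3600}'

# Write a curl config to stdout. Feeding it to `curl --config -` keeps the
# client secret out of the process argument list and the shell history.
# Assumes the id and secret contain no double quotes or backslashes.
token_request_config() {
  local client_id="$1" client_secret="$2" ttl="${3:-3600}"
  printf 'url = "%s"\n' "$TOKEN_URL"
  printf 'user = "%s:%s"\n' "$client_id" "$client_secret"
  printf 'data = "grant_type=client_credentials"\n'
  printf 'data = "expires_in=%s"\n' "$ttl"   # short-lived token, in seconds
  printf 'silent\nfail\n'
}

# Read a JSON token response on stdin and print the access_token value.
extract_access_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Full flow: build the request, send it, return the token or fail loudly.
request_access_token() {
  local token
  token="$(token_request_config "$@" | curl --config - | extract_access_token)"
  if [ -z "$token" ]; then
    echo "no access_token in response" >&2
    return 1
  fi
  printf '%s\n' "$token"
}

# Usage (needs network and a real client created in the console):
#   read -r -s -p 'client secret: ' SECRET
#   TOKEN="$(request_access_token my-client-id "$SECRET" 3600)"
```

The returned token is a bearer credential for the API, so it deserves the same handling as the client secret: a short `expires_in` and no logging.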