Creating customers with 2 legged authentication

Hi
I’m in the process of building an iOS app (using the cloudsdk and devicesetup libraries) to interact with our P1-powered consumer device. I’ve got all the device functions working, and am now starting to look at authentication. We have our own backend where we manage user accounts, so we will be implementing 2 legged authentication. I have read through and mostly understand the official documentation around this, but I’m unclear about one point:

When you create a shadow customer (using POST /v1/products/:productIdOrSlug/customers) it associates the customer with that specific product. This is fine if you only have one product, but in the near future we will be developing more products that will need to be accessed through the same app. When this happens, will I need to create new shadow customer accounts for the new products? If so, will the customer be able to access both products from the same access token? Will the 2 accounts be linked in any way?

Any help or advice will be appreciated.

Thanks

Two-legged shadow customers are tied to a specific product, mainly because they are generated using an OAuth client ID, which is product-specific.

Also, each device can only be associated with one product, so presumably your one-customer, two-apps scenario involves two different P1s.

You would need two different access tokens in that case, one for each device/account. However, this isn’t really a problem since you need to have some place to store the user’s token and get it from your server anyway. You’d just save multiple tokens, one for each app.

When you switch between different app modes within your mobile app, you’d just inject the appropriate access token for that device before accessing the Particle API from the mobile device.

2 Likes
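The per-product token storage described in the reply above, sketched as a backend component. This is an added example, not code from the thread or from Particle: `ProductTokenBroker`, the `mint` callable, the `owned` map and the product slugs are hypothetical, and `mint` stands in for the server-side request made with each product's OAuth client credentials so the block runs offline.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple

@dataclass
class Token:
    access_token: str
    expires_at: float  # epoch seconds

# Hypothetical signature: mint(product, email) -> (access_token, lifetime_seconds).
Mint = Callable[[str, str], Tuple[str, int]]

class ProductTokenBroker:
    """One customer token per (user, product); client secrets stay on the server."""

    def __init__(self, mint: Mint, owned: Dict[str, Set[str]],
                 clock: Callable[[], float] = time.time, skew: int = 60):
        self._mint = mint
        self._owned = owned    # assumption: email -> product slugs the user has devices in
        self._clock = clock
        self._skew = skew      # re-mint this many seconds before expiry
        self._tokens: Dict[Tuple[str, str], Token] = {}

    def token_for(self, email: str, product: str) -> str:
        # Authorize before minting: a user only gets tokens for their own products.
        if product not in self._owned.get(email, set()):
            raise PermissionError(f"{email} has no device in product {product!r}")
        key = (email, product)
        tok = self._tokens.get(key)
        if tok is None or tok.expires_at - self._skew <= self._clock():
            access, lifetime = self._mint(product, email)
            tok = Token(access, self._clock() + lifetime)
            self._tokens[key] = tok
        return tok.access_token

def demo():
    now, count = [1000.0], [0]

    def fake_mint(product, email):      # constructed stand-in, returns fake tokens
        count[0] += 1
        return f"tok-{product}-{count[0]}", 3600

    broker = ProductTokenBroker(fake_mint, {"a@example.com": {"lamp", "plug"}},
                                clock=lambda: now[0])
    lamp1 = broker.token_for("a@example.com", "lamp")
    plug1 = broker.token_for("a@example.com", "plug")
    cached = broker.token_for("a@example.com", "lamp")   # still valid, not re-minted
    now[0] += 3600                                       # lifetime elapsed
    lamp2 = broker.token_for("a@example.com", "lamp")    # re-minted
    return lamp1, plug1, cached, lamp2
```

The mobile app asks the backend for the token matching the product it is currently controlling and only ever holds customer-scoped tokens.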

That makes sense, thanks for the quick reply.