I’m in the midst of setting up two-legged authentication between our NodeJS server and Particle. I’ve run into a handful of questions I was unable to find on the forums or docs, hoping some of y’all may have some insights.
My big-picture goals are:
- Create customers
- Claim devices
- Provision tokens to client-side code that only allows reading of a particular customer’s devices
What I’ve managed to do:
- Create a two-legged OAuth client using the Particle Console (granting full permissions)
- Can get a token using the client id/secret from the OAuth Client
- Can use this token to create customers (I think, more on this below)
- Outside of the OAuth client, have claimed a device (did this using the JS-api last week)
> The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. The strings are defined by the
Under creating an OAuth2 client in the Particle docs, the scope argument has this line in it:
> Limits the scope of what the access tokens created using the client are allowed to do. Provide a space separated list of scopes. The only current valid scope is create_customer. Leave blank for full control
Does this mean the only scopes available for our OAuth clients are full_control? I was hoping that I could use these OAuth tokens to meet my #3 goal above.
When creating a customer, is there a difference between creating them under an org vs a device? I.e.:
What’s needed to have a customer show up on the Particle Console? I’ve managed to create a customer successfully using one of the above endpoints (I honestly don’t remember which one). Under Devices I see the Owner set to the same email as the customer I created. So, as far as I know, I have a Customer with a Claimed device, but don’t see any Customers on the Particle Console.
Is there any documentation that explains the relationships between all the Particle objects? I’ve had trouble finding anything that explicitly explains the relationship between Orgs, Devices, Customers, etc.