We would need some support on designing the auth & device setup flow for an organization model.
Our system’s architecture is like:
- mobile app —> my server —> particle cloud
- The only direct communication between our custom app and the particle cloud is during device setup.
We want to avoid the user having to create a Particle.io account and at the same time we wish to have control of the devices from our server. From the docs the solution is to use a two-legged auth workflow. However, I’m a bit confused about how device setup & the two-legged auth can work hand-in-hand.
I’m planning to set up the following flow for device setup:
- Customer opens product mobile app.
- Put the particle device in listening mode.
- The flow takes the user to device setup screens via the API.
- The API authenticates to Particle Cloud using OAuth credentials generated by me instead of showing the Particle login/signup workflow.
Q1: Is this feasible? I found the doc here less than adequate: https://github.com/spark/spark-setup-android#organizations
To provide the ParticleCloud class with correct OAuth credentials for creating customers (so app users could create an account), read the instructions here (link doesn’t have anything).
Q2: Assuming I’m using 2-legged authentication, how do I pass on the access token generated in the server to the app?
(https://docs.particle.io/guide/how-to-build-a-product/authentication/#4-create-claim-code-amp-send-to-device)
Q3: Having done the above, I wish to query some data about my customer’s device from my server. How do I do that?
I’m guessing that I would use access tokens generated after customer creation (https://docs.particle.io/guide/how-to-build-a-product/authentication/#3-create-a-customer)?