API and Use
A backend app can retrieve tokens with a request like the one below. Because the request includes secrets, it should never be made from client-side code. The token values shown are not valid. verify=False disables TLS certificate verification and is needed only because of the self-signed cert currently in use:
>>> import requests
>>> r = requests.get('https://test.commonsshare.org/token',
...     headers={
...         'Authorization': 'Basic 6edb5d6cfe47e561ffde0d9f7edbe6e81f984327830eb56d0eed57669f718036'
...     },
...     params={
...         'uid': '<user-openid-subject>',
...         'provider': 'globus',
...         'scope': 'openid'},
...     verify=False)  # skips certificate verification; see note above
If an application receives a URL and redirects its user to it, then wants to wait until the user logs in, it can either poll with the above request or add 'block':30 to the params. 30 is the time in seconds that the service will block, and can be any positive number up to the maximum configured in the service.
On success:
>>> r.status_code
200
>>> r.content
'{"access_token": "YjA0YmQyYWIxMjkyNzY2MTA3MDNkNDZiMDlmYTE4MmYwNTg5ZTk0YmZhOWZmMGUzODBkNzNmMzhiNzdkZTBiOAo="}'
When the user needs to re-authenticate (either never logged in, or the token could not be refreshed):
>>> r.status_code
401
>>> r.content
'{"authorization_url": "https://accounts.google.com/o/oauth2/v2/auth?state=5012cf5d4cd98f3135c16bb811c3304dd4807a079eb8887fae380b859ae3f343&nonce=1c6a94388d92596142088e31b6f7f8035ddfcef15c0da8b9f9dcc6188d8c370d&redirect_uri=https://test.commonsshare.org/authcallback&client_id=<omitted>&scope=openid&response_type=code&access_type=offline&login%20consent"}'
On failure due to an invalid API key:
>>> r.status_code
403
On a blocking request for a token that could not be satisfied within the specified timeout:
>>> r.status_code
404
On failure for a reason other than the need to re-authenticate (malformed request, or internal error):
>>> r.status_code
500 (or anything else)
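The following is an added example, not part of this project's code, of how a backend might build the params (including the optional 'block') and interpret the status codes listed above. The function names, the TokenServiceError class and the allow-list of authorization hosts are assumptions; the allow-list makes the backend refuse to redirect a user to an authorization_url that is not HTTPS or not on an expected identity-provider host.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts this backend is willing to redirect users to; extend per provider.
ALLOWED_AUTH_HOSTS = {"accounts.google.com"}


class TokenServiceError(Exception):
    """Raised for 403, 500 and any other unexpected outcome."""


def token_params(uid, provider, scope, block=None):
    """Build the query parameters; 'block' is the optional wait in seconds."""
    params = {"uid": uid, "provider": provider, "scope": scope}
    if block is not None:
        if block <= 0:
            raise ValueError("block must be a positive number of seconds")
        params["block"] = block
    return params


def interpret_token_response(status_code, content):
    """Map a /token response to ('token', value), ('login', url) or ('timeout', None)."""
    if status_code == 200:
        return "token", json.loads(content)["access_token"]
    if status_code == 401:
        url = json.loads(content)["authorization_url"]
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in ALLOWED_AUTH_HOSTS:
            raise TokenServiceError("unexpected authorization URL, not redirecting")
        return "login", url
    if status_code == 404:
        return "timeout", None  # blocking request expired before the user logged in
    if status_code == 403:
        raise TokenServiceError("API key rejected")
    raise TokenServiceError(f"token service error (HTTP {status_code})")
```

Call it as interpret_token_response(r.status_code, r.content) on the response from the request shown earlier, and keep the returned token out of logs and client-visible responses.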