ciberch edited this page Sep 20, 2012 · 2 revisions

When to Use

To log a user in from an Activity Streams Engine client such as a mobile device, bypassing the 3-legged OAuth flow, you can pass their credentials via the Authorization header (using Basic Auth) or via the query string.

This can be done on any HTTP request except /logout, provided the user is not already signed in.

Query String Params

  • token - The access token. Note that on iOS 6 you can get this for FB and Twitter
  • provider - One of: facebook, twitter or github

Example Query String:

http://asms.cloudfoundry.com/?token=AAAFsh.nvJOcR1Xh7MyMqnPTgZDZD&provider=facebook

Support for exchanging the provided access token for a session (via cookies)

Pass the access token via Basic Auth, where the username is the provider and the password is the access token for FB and Github, and for FB the username is the key and the password is the secret

Example Basic Auth

Authorization: Basic bWNpYmVyY2g6Mjk0MDJ1cmVrZm5qd2Vua2p0aG5la2o0dGg1M3U0aTV5aDNwOTQ1OTM1
Accept: */*
...

Request Url: https://asms.cloudfoundry.com/me
Request Method: GET
Status Code: 200
Params: {}

Response 200 OK and cookie headers
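
The two credential paths described above (Basic Auth and query string), as an added example that is not code from the Activity Streams Engine project. The function names, the header-before-query precedence and the log redaction step are assumptions made for illustration; the provider list is the one given on this page, and all sample values are constructed.

```javascript
// Added example: hypothetical helpers, not the project's own implementation.
const PROVIDERS = new Set(['facebook', 'twitter', 'github']); // providers listed on this page

// Client side: username = provider, password = access token.
function basicAuthHeader(provider, token) {
  return 'Basic ' + Buffer.from(`${provider}:${token}`, 'utf8').toString('base64');
}

// Server side: read credentials from the Authorization header first (assumed
// precedence), then fall back to the query string. Returns null when either
// value is missing or the provider is not on the allowlist.
function extractCredentials(headers, rawUrl) {
  let provider, token, via;
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headers.authorization || '');
  if (m) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    const i = decoded.indexOf(':'); // split on the first colon only; a token may contain ':'
    if (i > 0) {
      provider = decoded.slice(0, i);
      token = decoded.slice(i + 1);
      via = 'header';
    }
  }
  if (!via) {
    // The base URL is a placeholder so that relative request paths can be parsed.
    const q = new URL(rawUrl, 'http://placeholder.invalid').searchParams;
    provider = q.get('provider');
    token = q.get('token');
    via = 'query';
  }
  if (!provider || !token || !PROVIDERS.has(provider)) return null;
  return { provider, token, via };
}

// Query-string tokens end up in access logs, browser history and Referer
// headers, so replace the token before the URL is written anywhere.
function redactUrl(rawUrl) {
  const u = new URL(rawUrl, 'http://placeholder.invalid');
  if (u.searchParams.has('token')) u.searchParams.set('token', 'REDACTED');
  return u.pathname + u.search;
}
```

Once the token has been exchanged for a session cookie, later requests no longer need to carry it; sending it in the Authorization header over HTTPS keeps it out of URLs altogether.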
