OAuth 2.0 is an open authorization standard. For more information about the standard, see RFC 6749.

AIOT cloud provides the OAuth 2.0 authorization code grant, which is the most widely used and the most secure of the OAuth 2.0 grant types. Its main process is as follows:

  1. The user accesses the client, which directs the user to the authentication server;
  2. The user chooses whether to grant the client authorization;
  3. Assuming that the user grants authorization, the authentication server directs the user to the redirection URI that the client registered in advance, with an authorization code attached;
  4. After receiving the authorization code, the client applies to the authentication server for a token, presenting the same redirection URI. Because this step is performed by the client's backend server, it is not visible to the user;
  5. The authentication server checks the authorization code and the redirection URI. After confirming that they match, the authentication server sends an access token and a refresh token to the client.

First, Authorization login

| Name | Description |
| --- | --- |
| URI | `https://aiot-oauth2.aqara.cn/authorize?client_id=xxx&response_type=code&redirect_uri=xxxx&state=xxx&theme=x` |
| Description | Show the authorization login UI and obtain the authorization code |
| Request method | GET |
| Request parameters | `client_id`; `response_type=code`; `redirect_uri`; `scope` [optional]; `state` [optional] any value, which the authentication server returns unchanged; `theme` [optional] page theme, currently three themes are supported (0, 1, 2), default 0 |
| Response data | Redirect to the callback URL `http://redirect_uri?code=xxxx&state=xxx`, where `code` is the authorization code (valid for 10 minutes) and `state` is echoed back with the same value if the client's request contained it |

Second, Get access-token

| Name | Description |
| --- | --- |
| URI | `https://aiot-oauth2.aqara.cn/access_token` |
| Description | Apply for an access_token |
| Request method | POST (`application/x-www-form-urlencoded`) |
| Request parameters | `client_id`: appId of the third-party application; `client_secret`: appKey of the third-party application; `grant_type`: `authorization_code`; `code`; `redirect_uri` |
| Response data | `{"state":"xxx","expires_in":7200,"token_type":"bearer","refresh_token":"xxxxx","access_token":"xxxxx","openId":"xxxxx"}` where `expires_in` is in seconds and `openId` is the user's openId |

Third, Refresh token

| Name | Description |
| --- | --- |
| URI | `https://aiot-oauth2.aqara.cn/access_token` or `https://aiot-oauth2.aqara.cn/refresh_token` |
| Description | Refresh the access_token |
| Request method | POST (`application/x-www-form-urlencoded`) |
| Request parameters | `client_id` (appId of the third-party application); `client_secret` (appKey of the third-party application); `grant_type`: `refresh_token`; `refresh_token` |
| Response data | `{"state":"xxx","expires_in":7200,"token_type":"bearer","refresh_token":"xxxxx","access_token":"xxxxx","openId":"xxxxx"}` where `expires_in` is in seconds and `openId` is the user's openId |

Fourth, Privacy policy URL

| Name | Description |
| --- | --- |
| URI | `https://aiot-oauth2.aqara.cn/privacy_policy` |
| Description | Privacy Policy Statement |
| Request method | GET |
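The five-step flow and the authorize, access_token and refresh endpoints above, put together as a small client. This is an added example, not Aqara's SDK or sample code: the HTTP transport is injected as a `post(url, form)` callable so the flow can be run offline, `fake_post` is a constructed stand-in for the authorization server, and every appId, appKey, code and token value in it is made up. The `state` check in `parse_callback` is the defensive step the flow relies on: a callback whose `state` does not match the value this session issued is rejected before any code is exchanged.

```python
"""OAuth 2.0 authorization-code client for the AIOT endpoints documented above.

Added example, not the vendor's SDK. `post` is an injected transport so the
flow runs offline; `fake_post` and all credential values are constructed.
"""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://aiot-oauth2.aqara.cn/authorize"
TOKEN_URL = "https://aiot-oauth2.aqara.cn/access_token"


def new_state() -> str:
    """Unguessable per-request state; the client keeps it in the user's session."""
    return secrets.token_urlsafe(24)


def build_authorize_url(client_id, redirect_uri, state, theme=0, scope=None) -> str:
    """Step 1: the URL the client sends the user to (response_type=code)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "theme": theme,
    }
    if scope:
        params["scope"] = scope
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_state) -> str:
    """Step 3: pull the code out of the redirect, but only if the echoed state
    matches what this session issued (a forged or replayed callback is dropped)."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def parse_token_response(raw: str) -> dict:
    """Validate the JSON token response before anything downstream trusts it."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected or missing token_type: %r" % (data.get("token_type"),))
    for key in ("access_token", "refresh_token", "expires_in"):
        if not data.get(key):
            raise ValueError("token response missing %s" % key)
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        "expires_in": int(data["expires_in"]),  # seconds; 7200 in the docs above
        "openId": data.get("openId"),
    }


def exchange_code(post, client_id, client_secret, code, redirect_uri) -> dict:
    """Step 4: backend-only call, so client_secret (appKey) never reaches the browser."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the one used in step 1
    }
    return parse_token_response(post(TOKEN_URL, form))


def refresh_access_token(post, client_id, client_secret, refresh_tok) -> dict:
    """Third endpoint: new tokens via grant_type=refresh_token."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
        "refresh_token": refresh_tok,
    }
    return parse_token_response(post(TOKEN_URL, form))


def fake_post(url, form) -> str:
    """Constructed stand-in for the authorization server (offline demo only)."""
    ok = {"state": "xxx", "expires_in": 7200, "token_type": "bearer", "openId": "openid-demo"}
    if url != TOKEN_URL or form.get("client_secret") != "demo-appkey":
        return json.dumps({"error": "invalid_client"})
    if form["grant_type"] == "authorization_code" and form["code"] == "demo-code":
        return json.dumps({**ok, "access_token": "AT-1", "refresh_token": "RT-1"})
    if form["grant_type"] == "refresh_token" and form["refresh_token"] == "RT-1":
        return json.dumps({**ok, "access_token": "AT-2", "refresh_token": "RT-2"})
    return json.dumps({"error": "invalid_grant"})


if __name__ == "__main__":
    st = new_state()
    print(build_authorize_url("demo-appid", "https://client.example/cb", st))
    code = parse_callback("https://client.example/cb?code=demo-code&state=" + st, st)
    tokens = exchange_code(fake_post, "demo-appid", "demo-appkey", code, "https://client.example/cb")
    print(tokens)
    print(refresh_access_token(fake_post, "demo-appid", "demo-appkey", tokens["refresh_token"]))
```

To use it against the real service, replace `fake_post` with a function that POSTs the form as `application/x-www-form-urlencoded` and returns the response body; `parse_token_response` rejects error bodies (no `token_type`, no tokens) instead of handing a half-filled dict to the caller.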

If you want more information about OAuth 2.0, please refer to: Understand OAuth 2.0
