Content
Create a new client
Contact Dani Huang Danqing (huangdanqing@sea.com) or Ziyi (zhaoz@seagroup.com) and provide the following information:
- Client name
- Client Owner (email)
- Access token lifetime (seconds)
- Refresh token lifetime (seconds)
- Supported providers (SeaAuth only supports SeaTalk, Google and QQ right now)
- Redirect URIs
JSON Response Error
{
"success": false,
"status_code": <status_code>,
"payload": <message>
}
| Property | Value | Description |
|---|---|---|
| status_code | int | (optional) Return the corresponding error code |
| payload | string | (optional) Error Message |
| Status Code | Description |
|---|---|
| 400 | Bad Request: wrong/missing parameters |
| 401 | Unauthorized: login required or session has expired |
| 403 | Forbidden: User does not have permission |
| 500 | Server Error |
APIs
| Method | HTTP request | Description |
|---|---|---|
| Client Login URL | /app/clients/{client_id}/login/ | Client Login URL |
| Get Providers | GET /api/clients/{client_id}/providers/ | Get Supported Providers |
| Get Provider Login | GET /api/clients/{client_id}/providers/{provider}/login/ | Get Login URL |
| Verify Auth Token | POST /api/clients/{client_id}/token/ | Get User info from Token |
| Get Profile info | GET /clients/{client_id}/profile/ | Get Profile info |
| Revoke Access Token | POST /clients/{client_id}/revoke/ | Revoke Access token |
Client Login URL
Description
Login portal for a client
URL
/app/clients/{client_id}/login/
| Param | Value | Description |
|---|---|---|
| redirect_uri | string | Redirect URL. |
| state | string | (optional) Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server will return the exact value that you send from client. You can use this parameter for several purposes, such as directing the user to the correct resource in your application, sending nonces, and mitigating cross-site request forgery. |
Get Providers
Description
Get Supported Providers for a client
Request
GET /api/clients/{client_id}/providers/
Response
{
"success": true,
"status_code": 200,
"providers": [{provider}]
}
| Property | Value | Description |
|---|---|---|
| provider | list | List of providers |
| provider:item | string | Provider |
Get Provider Login
Description
Get Provider Login info for a client
Request
GET /api/clients/{client_id}/providers/{provider}/login/
| Param | Value | Description |
|---|---|---|
| redirect_uri | string | Redirect URL. |
| state | string | (optional) Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server will return the exact value that you send from client. You can use this parameter for several purposes, such as directing the user to the correct resource in your application, sending nonces, and mitigating cross-site request forgery. |
Response
Redirect to the Login URL
Login Callback
Description
In the Get Provider Login response, depending on which provider is in the request, authorization_url will be a generated link for the user to log in to Sea Auth. After the user has logged in using the correct provider account, Sea Auth will redirect the client to the registered callback.
Callback
| Param | Value | Description |
|---|---|---|
| redirect_uri | string | Redirect URL. |
| state | string | |
| code | string | (optional) Only present if the action is successful: a unique code for the client to use to verify and retrieve user info. This code is valid for only 60 seconds. |
| error | string | (optional) Only present if the action failed |
Verify Auth Token
Description
Verify and retrieve user info from token:
- grant_type is "authorization_code": To get user info from code from Login Callback
- grant_type is "refresh_token": To generate a new user access_token from refresh_token
Request
POST /api/clients/{client_id}/token/
Body
Supports both application/x-www-form-urlencoded and application/json
# Content-Type: application/json
{
"grant_type": {grant_type},
"client_secret": {client_secret},
"code": {code},
"refresh_token": {refresh_token}
}
| Param | Value | Description |
|---|---|---|
| grant_type | string | One of the 2 options: "authorization_code", "refresh_token". |
| client_secret | string | Current {client_id} secret. |
| code | string | (optional) Compulsory if grant_type is "authorization_code" |
| refresh_token | string | (optional) Compulsory if grant_type is "refresh_token" |
Response
{
"success": true,
"status_code": 200,
"access_token": {access_token},
"access_token_expiry_time": {access_token_expiry_time},
"refresh_token": {refresh_token},
"refresh_token_expiry_time": {refresh_token_expiry_time},
"user": {email}
}
| Property | Value | Description |
|---|---|---|
| access_token | string | |
| access_token_expiry_time | int | |
| refresh_token | string | |
| refresh_token_expiry_time | int | |
| user | string | |
Get Profile info
Description
Get Profile info from Access Token
Request
GET /api/clients/{client_id}/profile/
Headers
{
'Authorization': 'Bearer {access_token}'
}
Response
{
"success": true,
"status_code": 200,
"access_token": {access_token},
"access_token_expiry_time": {access_token_expiry_time},
"user": {email}
}
| Property | Value | Description |
|---|---|---|
| access_token | string | |
| access_token_expiry_time | int | |
| user | string | |
Revoke Access Token
Description
Revoke access token and all related info (real provider token info and Sea Auth refresh token).
Request
POST /clients/{client_id}/revoke/
Headers
{
'Authorization': 'Bearer {access_token}'
}
Response
{
"success": true,
"status_code": 200
}
Example:
Note: all examples use Python 3
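The Client Login URL, Login Callback and Verify Auth Token steps documented above, tied together as an added Python 3 example that is not part of the original page or the Sea Auth project. The host `https://seaauth.example`, the function names and the client values are assumptions; the token request is built but not sent.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

BASE = "https://seaauth.example"  # assumption: placeholder host, not from the page


def build_login_url(client_id, redirect_uri):
    """Return (login_url, state); store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable per-login nonce against CSRF
    query = urlencode({"redirect_uri": redirect_uri, "state": state})
    return f"{BASE}/app/clients/{client_id}/login/?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the Login Callback and return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Check state first: a mismatch means this callback does not belong to a
    # login that this session started, so code and error are not trusted.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("login failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries neither code nor error")
    return code


def build_token_request(client_id, client_secret, code):
    """Build the POST that exchanges the code; the code is valid for 60 seconds."""
    body = json.dumps({"grant_type": "authorization_code",
                       "client_secret": client_secret, "code": code}).encode()
    return Request(f"{BASE}/api/clients/{client_id}/token/", data=body,
                   headers={"Content-Type": "application/json"}, method="POST")


def parse_token_response(raw):
    """Return the token fields, or raise using the documented error shape."""
    data = json.loads(raw)
    if data.get("success") is not True:
        raise RuntimeError(f"{data.get('status_code')}: {data.get('payload')}")
    return {k: data[k] for k in ("access_token", "access_token_expiry_time",
                                 "refresh_token", "refresh_token_expiry_time", "user")}
```

Call `build_token_request` from the backend only, so that `client_secret` never reaches the browser, and discard the stored state after one callback.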