# OAuth 2.0

## **App Registration**

At this stage, we don't have a developer console to add, view, or edit app details. Please contact <developer@dlive.tv> or fill out the application directly: <https://go.dlive.tv/developers>

The developer needs to submit a simple form to register the App. Once approved, the developer will receive an App ID (`client_id`) and App secret (`client_secret`). One developer can register multiple Apps; each App has its own ID and secret.

## **Grant Types**

At this stage, we only support [**Authorization Code**](http://tools.ietf.org/html/rfc6749#section-4.1) and [**Client Credentials**](https://tools.ietf.org/html/rfc6749#section-4.4).

All API requests must carry an access token in the `authorization` header. It can be a user access token or an app access token.

The Authorization Code grant returns a user access token with the appropriate scope, which the client can use to query user information.

The Client Credentials grant returns an app access token, which can be used for normal queries.

## Expiration

User access token: 30 days

App access token: 30 days

Refresh token: 1 year

## **Authorization Code Authorization Steps**

The client initiates the flow by directing the resource owner's user-agent to the authorization endpoint. The client includes its client identifier, requested scope, local state, and a redirection URI to which the authorization server will send the user-agent back once access is granted. **At least 1 scope is required.**

Sample request: `https://dlive.tv/o/authorize?client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A9094%2Foauth2&response_type=code&scope=email%3Aread&state=yyy`

![Login Page](https://lh3.googleusercontent.com/sRrdBjUTBkl7UaddUs0oaS63G0g1os44VQ7HY7xtzDYQ39ZExFEVbO6ehNDQcjRrr5XVYzz01ehtCSoIEUqitrL0gCp6WKGb0uR0e0seK3dQe7NLQ-bKI_rfnmeinh9YgxxnoXp3)

Assuming the resource owner grants access, the authorization server redirects the user-agent back to the client using the redirection URI provided earlier. The redirection URI includes an authorization code and any local state provided by the client earlier.

Sample redirect:

`http://localhost:9094/oauth2?code=E0XNSNTUHFW-4LOHJ3G&state=yyy`

The client requests an access token from the authorization server's token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client also includes the redirection URI used to obtain the authorization code, for verification. Only the POST method is accepted.

Sample curl request:

```
curl https://dlive.tv/o/token \
     -u client_id:client_secret \
     -d "grant_type=authorization_code" \
     -d "redirect_uri=http://localhost:9094/oauth2" \
     -d "code=E0XNSNTUHFW-4LOHJ3G"
```

On success, the authorization server responds with an access token.

Sample Response:

```
{
    "access_token": "dk12lk34j12lk34j21lk34j21kl3j4",
    "token_type": "Bearer",
    "expiry": "0001-01-01T00:00:00Z",
    "refresh_token": "5O79D6W8X-6AH_U-JXZXMQ"
}
```
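The steps above hinge on two client-side checks: the `state` returned on the redirect must equal the value the client generated, and the `redirect_uri` sent to the token endpoint must equal the one sent to the authorization endpoint. The sketch below is an added example, not DLive's code; the function names are hypothetical, joining multiple scopes with a space is an assumption, and the token request is built but not sent so the block runs offline.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request

AUTHORIZE_URL = "https://dlive.tv/o/authorize"  # from the sample request above
TOKEN_URL = "https://dlive.tv/o/token"          # from the sample curl request above


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's session before redirecting."""
    if not scopes:
        raise ValueError("at least 1 scope is required")
    state = secrets.token_urlsafe(32)  # unguessable, one value per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # assumption: space-separated list
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the session value."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build the POST equivalent of the curl call above (not sent here)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,  # same value that was sent to /o/authorize
        "code": code,
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Authorization": f"Basic {basic}"})
```
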

## Refreshing Access Tokens

We allow applications to remain authenticated for a long time by refreshing their access tokens. The refresh token (1 year expiry time) is single use: when it is used, a new refresh token is issued together with the new access token.

<https://tools.ietf.org/html/rfc6749#section-6>

Sample curl request:

```
curl https://dlive.tv/o/token \
     -u client_id:client_secret \
     -d "grant_type=refresh_token" \
     -d "refresh_token=5O79D6W8X-6AH_U-JXZXMQ" \
     -d "scope=streamkey:read"
```

The **scope** field is **optional** (a space-separated list of scopes). It must be all or a subset of the previously granted scopes. The default is the originally granted scopes.

If an access token is refreshed with a subset of the previously granted scopes, all previously issued and newly generated access tokens will have that same subset of scopes.

Sample Response:

```
{
          "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI",
          "expires_in":2592000,
          "refresh_token":"S2XTXDRSWNKA7AHFBKU-DQ",
          "scope":"streamkey:read",
          "token_type":"Bearer"
}
```
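Because the refresh token is single use, a client has to replace its stored refresh token on every refresh and must not let two refreshes run with the same one. The sketch below is an added example, not DLive's code; `TokenStore` and the `post` transport callable are hypothetical names, and `post` is injected so the block runs offline.

```python
import threading
import time


class TokenStore:
    """Holds one user's tokens and rotates the refresh token on every refresh."""

    def __init__(self, access_token, refresh_token, scopes, expires_at):
        self._lock = threading.Lock()  # serialise refreshes: each refresh token is single use
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.scopes = frozenset(scopes)
        self.expires_at = expires_at

    def refresh(self, post, scopes=None, now=time.time):
        """post(form: dict) -> dict sends the form to the token endpoint (hypothetical)."""
        with self._lock:
            form = {"grant_type": "refresh_token", "refresh_token": self.refresh_token}
            wanted = None
            if scopes is not None:
                wanted = frozenset(scopes)
                if not wanted or not wanted <= self.scopes:
                    raise ValueError("scope must be a subset of the granted scopes")
                form["scope"] = " ".join(sorted(wanted))
            resp = post(form)
            if resp.get("token_type", "").lower() != "bearer" or "refresh_token" not in resp:
                raise ValueError("unexpected token response")
            # Replace both tokens together: the refresh token just sent is now spent.
            self.access_token = resp["access_token"]
            self.refresh_token = resp["refresh_token"]
            granted = resp.get("scope")
            self.scopes = frozenset(granted.split()) if granted else (wanted or self.scopes)
            self.expires_at = now() + resp["expires_in"]
            return self.access_token
```

Narrowing the scope here also narrows what the store will allow on later refreshes, matching the rule that a subset refresh applies to all tokens from then on.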

## [**Client Credentials**](https://tools.ietf.org/html/rfc6749#section-4.4) **Authorization Steps**

The client can request an app access token by making the following HTTP request:

```
curl https://dlive.tv/o/token \
     -u APP_ID:APP_SECRET \
     -d "grant_type=client_credentials"
```

The client should expect a response in the form:

```
{
    "access_token":"TOKEN",
    "expires_in":2592000,
    "token_type":"Bearer"
}
```


