OAuth 2.0

App Registration

At current stage, we don't have a developer console to add/view/edit app details. Please contact developer@dlive.tv or fill out the application directly - https://go.dlive.tv/developers

The developer needs to submit a simple form to register the App. Once approved, the developer will receive an App ID(client_id) and App secret(client_secret). One developer can register multiple Apps, different Apps will have different IDs and secrets.

Grant Types

At this stage, we only support Authorization Code and Client Credentials.

All API requests must have access token in authorization header. It could be user access token or app access token.

Authorization Code grant returns user access token with appropriate scope where client could query user information.

Client Credentials grant returns app access token where it could be used for normal queries.

Expiration

User access token: 30 days

App access token: 30 days

Refresh token: 1 year

Authorization Code Authorization Steps

The client initiates the flow by directing the resource owner's user-agent to the authorization endpoint. The client includes its client identifier, requested scope, local state, and a redirection URI to which the authorization server will send the user-agent back once access is granted. At least 1 scope is required.

Sample request:https://dlive.tv/o/authorize?client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A9094%2Foauth2&response_type=code&scope=email%3Aread&state=yyy

Login Page

Assuming the resource owner grants access, the authorization server redirects the user-agent back to the client using the redirection URI provided earlier. The redirection URI includes an authorization code and any local state provided by the client earlier.

Sample redirect:

http://localhost:9094/oauth2?code=E0XNSNTUHFW-4LOHJ3G&state=yyy

The client requests an access token from the authorization server's token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client includes the redirection URI used to obtain the authorization code for verification (only POST method). Sample curl request:

curl https://dlive.tv/o/token
-u client_id:client_secret
-d "grant_type=authorization_code"
-d "redirect_uri=http://localhost:9094/oauth2"
-d "code=E0XNSNTUHFW-4LOHJ3G"

If success, the authorization server responds back with an access token

Sample Response:

{
"access_token": "dk12lk34j12lk34j21lk34j21kl3j4",
"token_type": "Bearer",
"expiry": "0001-01-01T00:00:00Z"
"refresh_token": "5O79D6W8X-6AH_U-JXZXMQ",
}

Refreshing Access Tokens

We allow applications to remain authenticated for long time and refresh the access tokens. The refresh token (1 year expiry time) is single use. If used, a new refresh token will be issued with the new access token.

https://tools.ietf.org/html/rfc6749#section-6

Sample curl request:

curl https://dlive.tv/o/token
-u client_id:client_secret
-d "grant_type=refresh_token"
-d "refresh_token=5O79D6W8X-6AH_U-JXZXMQ"
-d "scope=streamkey:read"

The scope is an optional field (space-separated list of scopes). This must be the entire or subset of the previously granted scopes. The default is the originally granted scopes.

If refresh access token with a subset of the previously granted scopes, all previously issued and new generated access tokens will have the same subset scopes.

Sample Response:

{
"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI",
"expires_in":2592000,
"refresh_token":"S2XTXDRSWNKA7AHFBKU-DQ",
"scope":"streamkey:read",
"token_type":"Bearer"
}

Client Credentials Authorization steps

Client could request app access token by making following HTTP request:

curl https://dlive.tv/o/token
-u APP_ID:APP_SECRET
-d "grant_type=client_credentials"

And expects to receive a response in the form:

{
"access_token":"TOKEN",
"expires_in":2592000,
"token_type":"Bearer"
}