OAuth Server API
AContent implements the OAuth Core 1.0 specification.
The OAuth protocol enables web service consumers to access protected resources via an API without requiring users to supply the service credentials to the consumers. It's a generic methodology for unobtrusive, wire protocol level authenticated data access over HTTP.
AContent exposes the following API endpoints:
Register consumer
Endpoint:
http://server-cname/oauth/register_consumer.php
Parameters
| Parameter | Description | Default value |
|---|---|---|
| consumer | Required. The encoded string of consumer name. | None |
| expire | Optional. The length of time in seconds that the access token is valid. The access token expires after this number of seconds since being assigned. When "expire" is set to 0, the access token never expires. | 0 |
Example
Request
http://www.atutor.ca/acontent/demo/oauth/register_consumer.php?consumer=http%3A%2F%2Flocalhost%2Facontent%2F&expire=300
Goal: Registers consumer http://localhost/acontent/ and requests that the assigned access token expires in 5 minutes.
Success responseconsumer_key=8862a51faa12c1b1&consumer_secret=79d591810c803167&expire=300
consumer_key and consumer_secret are both 16 characters long. expire_threshold confirms the access token expire duration.
Fail responseerror=Empty+parameter+%22consumer%22
A fail response returns an error message.
Request token
Endpoint:
http://server-cname/oauth/request_token.php
Parameters
Both GET or POST methods are supported.
| Parameter | Description | Default value |
|---|---|---|
| oauth_consumer_key | Required. The consumer key. | None |
| oauth_signature_method | Required. The signature method the Consumer used to sign the request. | None. Or, One of these values: HMAC-SHA1, RSA-SHA1, and PLAINTEXT. |
| oauth_signature | Required. The signature as defined in Signing Requests. | None |
| oauth_timestamp | Required. As defined in Nonce and Timestamp. | None |
| oauth_nonce | Required. As defined in Nonce and Timestamp. | None |
| oauth_version | OPTIONAL. If present, value MUST be 1.0. | 1.0 |
Example
Request
http://www.atutor.ca/acontent/demo/oauth/request_token.php?oauth_consumer_key=8862a51faa12c1b1&Success response
oauth_signature_method=HMAC-SHA1&oauth_signature=tVWpcskRSY34wxhv%2BP9NcgXuuGk%3D&
oauth_timestamp=1255524495&oauth_nonce=3e43dd6ce0e09614e79e2a4b53e124c8&oauth_version=1.0
oauth_token=086cbfe90b41a7fdf9&oauth_token_secret=55e2bd8454b2f75a21
oauth_token and oauth_token_secret are both 18 characters long.
Fail responseerror=Consumer+is+not+registered
A fail response returns an error message.
Authorization
Endpoint:
http://server-cname/oauth/authorization.php
Parameters
| Parameter | Description | Default value |
|---|---|---|
| oauth_token | Required. The Request Token obtained in the previous step. | None |
| oauth_callback | Optional. The Consumer MAY specify a URL the Service Provider will use to redirect the User back to the Consumer along with the request token when Obtaining User Authorization is complete. If this parameter was not given or empty, the message "User was authenticated successfully" will be returned as a success response. | 0 |
Example
Request
http://www.atutor.ca/acontent/demo/oauth/authorization.php?oauth_token=086cbfe90b41a7fdf9&oauth_callback=http%3A%2F%2Fwww.atutor.ca%2Facontent%2Fdemo%2FSuccess response
Redirect the User back to the URL specified in oauth_callback along with the send-in request token "oauth_token". If oauth_callback is not given or empty, the message "User was authenticated successfully" will be returned.
Fail responseerror=Empty+oauth+token
A fail response returns an error message.
Access token
Endpoint:
http://server-cname/oauth/access_token.php
Parameters
| Parameter | Description | Default value |
|---|---|---|
| oauth_consumer_key | Required. The consumer key. | None |
| oauth_token | Required. The Request Token obtained previously. | None. |
| oauth_signature_method | Required. The signature method the Consumer used to sign the request. | None. Or, one of these values: HMAC-SHA1, RSA-SHA1, and PLAINTEXT. |
| oauth_signature | Required. The signature as defined in Signing Requests. | None |
| oauth_timestamp | Required. As defined in Nonce and Timestamp. | None |
| oauth_nonce | Required. As defined in Nonce and Timestamp. | None |
| oauth_version | OPTIONAL. If present, value MUST be 1.0. | 1.0 |
Example
Request
http://www.atutor.ca/acontent/demo/oauth/access_token.php?oauth_consumer_key=8862a51faa12c1b1&oauth_token=086cbfe90b41a7fdf9& oauth_signature_method=HMAC-SHA1&oauth_signature=tVWpcskRSY34wxhv%2BP9NcgXuuGk%3D&oauth_timestamp=1255524495& oauth_nonce=3e43dd6ce0e09614e79e2a4b53e124c8&oauth_version=1.0Success response
oauth_token=086cbfe90b41a7fdf9&oauth_token_secret=55e2bd8454b2f75a21
oauth_token and oauth_token_secret are both 18 characters long.
Fail responseerror=Invalid+oauth+request+token
A fail response returns an error message.
Note that the access token can be reused during the expire threshold is reached. Expire threshold is defined in the register consumer request.
Import Common Cartridge or Content Package into AContent
Until here, with a set of token credentials, the client is now able to import common cartridges or content packages into AContent as a new lesson. The generated course ID is returned at success. Or, an error message is returned at fail.
Endpoint:
http://server-cname/home/ims/ims_import.php
Parameters
| Parameter | Description | Default value |
|---|---|---|
| oauth_token | Required. The Access Token obtained previously. | None. |
| url | Required. The URL pointing to a zip file of the common cartridge or content package. | None. |
Example
Request
http://www.atutor.ca/acontent/demo/home/ims/ims_import.php?oauth_token=9941b13ebc574a62d0& url=http%3A%2F%2Fatutor.ca%2Fdemo%2Fmods%2F_core%2Fimscp%2Fims_export.php%3Fcid%3D0%26c%3D15%26m%3D7478785009a6629d0a5d5b5ff5850eb8Success response
course_id=20
course_id is the number ID of the newly-imported lesson. This ID can be used to view and download the imported lesson. Refer to Web Service API for details.
Fail responseerror=User+has+no+author+privilege
error=Empty+OAuth+token
error=Invalid+OAuth+token
error=OAuth+token+expired
error=Invalid+imported+file
error=Cannot+create+import+directory
error=IMS+manifest+file+does+not+appear+to+be+valid
error=Error+at+parsing+IMS+manifest+file
A fail response returns an error message. Could be any of the above