Play.me OAuth (Open Authorization)

The Play.me API supports user authentication on www.playme.com via OAuth, following version 1.0a of the OAuth specification.

A typical usage scenario for Play.me OAuth is as follows: an application that integrates the Play.me API needs to authenticate a user as registered on the Play.me site. With OAuth, user authentication is delegated to the Play.me site itself and the application just has to check the authentication outcome.

The Play.me OAuth process involves three steps (see OAuth specs), and each step is supported by the Play.me API.

Definition
(see: OAuth specs)

  • Service Provider: A web application that allows access via OAuth (the Play.me API).
  • User: An individual who has an account with the Service Provider.
  • Consumer: A website or application that uses OAuth to access the Service Provider on behalf of the User.
    This is the application that integrates the Play.me API
  • Consumer Developer: An individual or organization that implements a Consumer.
  • Consumer Key: A value used by the Consumer to identify itself to the Service Provider.
    This is your apikey
  • Consumer Secret: A secret used by the Consumer to establish ownership of the Consumer Key.
    This is your api secret
  • Request Token: A value used by the Consumer to obtain authorization from the User, and exchanged for an Access Token.
  • Access Token: A value used by the Consumer to gain access to the Protected Resources on behalf of the User, instead of using the User's Service Provider credentials.
  • Token Secret: A secret used by the Consumer to establish ownership of a given Token.
  • OAuth Protocol Parameters: Parameters with names beginning with oauth_.

 

Obtaining an Unauthorized Request Token
The Consumer obtains an unauthorized Request Token by asking the Service Provider to issue a Token.
The Request Token's sole purpose is to receive User approval; it can only be used to obtain an Access Token.
To get the Request Token you have to call oauth.requestToken, which returns oauth_token and oauth_token_secret:

  • oauth_token is the token issued for authentication by the user
  • oauth_token_secret will be used in generating signature when asking for an access token

 

Requesting User Authorization
In this step, the user is asked to authenticate at the Play.me site: if authentication is successful, the Request Token will be marked as authorized by the user.
You have to call the oauth.authorize API, providing the oauth_token; the call redirects the user to a login form.
The user has to fill in the form and submit it: if login is successful, an authorized token and a verification code are returned, to be used in the token exchange step.

Obtaining an Access Token
In this step your application asks the Play.me API to exchange the authorized Request Token for an Access Token.
To get the Access Token, you have to use the oauth.accessToken API, providing the authorized Request Token retrieved in the previous step.
Note that the Access Token can be used as a User Authentication Token (UAT).
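The following sketch shows how the oauth_token_secret from the first step and the api secret enter the signature of the exchange request. It is an added example, not Play.me's own code. It assumes the HMAC-SHA1 signature method, a POST request, a placeholder endpoint URL, and the OAuth 1.0a parameter name oauth_verifier for the verification code; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Placeholder endpoint: the page does not give the real oauth.accessToken URL.
ACCESS_TOKEN_URL = "https://api.example.invalid/oauth.accessToken"

def pct(value: str) -> str:
    """Percent-encode per RFC 5849 3.6 (only unreserved characters stay as-is)."""
    return quote(value, safe="-._~")

def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted parameter string (URL without query)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign_hmac_sha1(base: str, consumer_secret: str, token_secret: str) -> str:
    """Key is api secret + '&' + token secret; neither secret is ever sent."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def access_token_params(apikey, api_secret, oauth_token, oauth_token_secret,
                        verifier, nonce=None, timestamp=None) -> dict:
    """Signed parameters for the exchange step (HMAC-SHA1 assumed)."""
    params = {
        "oauth_consumer_key": apikey,
        "oauth_token": oauth_token,        # authorized Request Token
        "oauth_verifier": verifier,        # verification code from the login step
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh for every request
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", ACCESS_TOKEN_URL, params)
    params["oauth_signature"] = sign_hmac_sha1(base, api_secret, oauth_token_secret)
    return params

if __name__ == "__main__":
    # Constructed sample values, not real Play.me credentials.
    print(access_token_params("my-apikey", "my-api-secret", "req-token",
                              "req-token-secret", "123456"))
```

Because the signing key includes oauth_token_secret, a party that only observed the oauth_token during the redirect cannot produce a valid exchange request.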
 
A useful tutorial with sample code is available here.