Prerequisites




Introduction


Before you start implementing an OAuth 2.0 client that will integrate with aID, the client needs to be registered in aID. Once this is done, you will receive some information that you will need to provide during authorization.

Registering your client


To register a new client that will integrate with aID, please send an email to aid.support@amedia.no providing the following information:

| Field | Description |
| --- | --- |
| Application name | Name of the application/service you are developing. This name will be shown to the user in dialogues where the user grants your application access to aID data during authorization. |
| Needed scopes | List of scopes the application will need access to. Available scopes can be found here. |
| redirect_uri | The URL we send the user to after authorization. This URL will receive a code parameter and must contact aID to get the access token. See details here. |
| Publication | List of publications the application is developed for. If you are developing for Amedia/all publications, just say “all”. |
| Purpose | What is the purpose of this application? What will the user get by using it? Not displayed to public. |
| Contact information | Who do we contact if we find something wrong with the integration, or we need to change things? Not displayed to public. |


Notes about user approving scopes


After login (which will be invisible to the user if the user is already logged in to aID), the user will be sent to a page where all requested scopes are listed, and the user is asked to grant access to these scopes to the requesting application (your application). This is similar to the page you get on Facebook, Google etc. when logging in to applications using accounts from their systems.

For some applications, this will look weird for the user, since the user thinks he’s still using the publication’s website. For this reason, we have a way to turn this page off on a per-client basis. We call such clients pre-approved.

If you think that your application should be pre-approved, please tell us why, and this will be considered.


What you will receive from aID


Once we have processed your request, you will be provided with two items from aID:

| Item name | Alternative name | Description |
| --- | --- | --- |
| client_id | Client Identifier | Used to identify the client in OAuth authorization |
| client_secret | Client Password | Used to verify authenticity of OAuth client when giving access token to client |

The client_id can be considered public information. It’s not a big deal if everyone in the world knows it. But the client_secret must be kept secret. If this secret becomes known, all current access tokens for this client must be deleted in aID in order to ensure that no evil-minded systems will get access to the user’s data. The client_secret can ONLY be shared between your application and aID, never with the user, and never with other applications (like browsers).
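The split between the public client_id and the confidential client_secret, shown as an added example that is not aID's own code: the URL the browser is sent to carries only public values, while the secret appears only in the server-to-aID token request. The endpoint URLs, the `AID_CLIENT_SECRET` variable name, the sample values and the use of HTTP Basic client authentication (RFC 6749, section 2.3.1) are assumptions; this page does not specify them.

```python
import base64
import os
import secrets
from urllib.parse import quote_plus, urlencode

# Placeholder endpoints: the real aID URLs are not given on this page.
AUTHORIZE_URL = "https://aid.example.invalid/authorize"
TOKEN_URL = "https://aid.example.invalid/token"


def load_client_secret(env=os.environ):
    """Read the secret from server-side configuration, never from source code."""
    secret = env.get("AID_CLIENT_SECRET")  # hypothetical variable name
    if not secret:
        raise RuntimeError("AID_CLIENT_SECRET is not set")
    return secret


def browser_redirect(client_id, redirect_uri, scopes):
    """Front channel: URL the user's browser visits. Public values only."""
    state = secrets.token_urlsafe(16)  # CSRF protection, checked on callback
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def token_request(code, client_id, client_secret, redirect_uri):
    """Back channel: request the server sends to exchange the code parameter."""
    # Assumption: the client authenticates with HTTP Basic credentials.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return TOKEN_URL, headers, body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cb = "https://app.example.invalid/callback"
    url, state = browser_redirect("demo-client", cb, ["example_scope"])
    print("send browser to:", url)
    endpoint, headers, body = token_request("abc123", "demo-client",
                                            "constructed-secret", cb)
    print("server POSTs to:", endpoint, "with body:", body)
```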