fidor_starter_kits 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a82c8968c4e81c82599966dd950785cb798a5285
-  data.tar.gz: c8686d4dafd47ced1aebceb895a8bd4cee210ecb
+  metadata.gz: c225915b009fa0fb2bc2e50eb38d390bc6a9a0b7
+  data.tar.gz: 3547304f05e844378c9980252dd3ddf40717f4f2
 SHA512:
-  metadata.gz: 329d6c28ef1c0acd2f1465fdb1cc9738c6a0fd56a2fe88726515f5d1c24ef685967edf79c68756ce18f77b51555d77a7f79cbcd945fcf9d6092e70045b1df205
-  data.tar.gz: b56cfeabdd6c75febe3b7fe387a5de57bd6c74bab7ccff50f7bfb6a67bd8dfefbd072b7a6b48d5e5892096942f75331187a2cef0251b132c62ca796f5f1629d2
+  metadata.gz: b6fa01c0bdf645fe69e7bfab33b2ee7ac2a7ede087f7ef71dbefef88efeb80fb674554b40cf10f80b4d9dc9b808434c5372e7059c6d8ca52cf603e19e1e0dbe7
+  data.tar.gz: 21888227a82c338ad77845ae9c1d0cce1eb84a71202c0907eed5bcb8f351fbe5eefb6e00221144f87455c2030a87e4172bc2efd6623c0415956269bb5bb4c266

data/.gitignore

@@ -22,3 +22,4 @@ secrets.yml
 .ruby-gemset
 *.swp
 node_modules
+.DS_Store

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog Fidor Admin API Schema
+See [commit messages](https://github.com/fidor/fidor_starter_kits/commits/) for details.
+
+
+##2014-12
+
+* make starter kits use all required oauth params: state, response_type, grant_type
+
+
+##2014-11
+
+* init with plain oauth examples for php, ruby, nodejs, golang, java

data/README.md

@@ -1,12 +1,18 @@
 # FidorStarterKits - BETA
 
-This repo features fidor application examples. The apps use oAuth to 
-authenticate with fidor, so you must register an app at fidor first to get your 
-personal app credentials. 
-Afterwards just copy one of the /starter_kits, add your app credentials to the 
-example source and start to play.
+This repo features Fidor application examples. The apps use oAuth to
+authenticate with fidor, so you must register an app at fidor first to get your
+personal app credentials.
 
-For Ruby Heros, this repo is also available as ruby gem and provides a tiny 
+For a quick start the Fidor App Manager(where you register your app) features a
+'create&download app' method. This creates a new app, writes the required oauth
+information into the source files and delivers the example as zipped download.
+
+If you choose the manual way to explore our example apps, simply checkout this
+repo, register and app and add the required credentials, URL's to the sources.
+
+
+For Ruby Heros, this repo is also available as ruby gem and provides a tiny
 helper for app creation, see Install & Usage.
 
 
@@ -38,7 +44,7 @@ Create a zipped app with credentials and the fidor url:
               fidor_oauth_url: 'https://fidor-oauth-url.de/oauth',
               fidor_api_url: 'https://fidor-api-url.de/api_sandbox'
             }
-        
+
     zip_file_path = FidorStarterKits.build(opts)
     # => /tmp/sinatra_plain-xyz/sinatra_plain.zip
     # => mv / cp / download is up to you babee
@@ -46,9 +52,10 @@ Create a zipped app with credentials and the fidor url:
 ```
 ## Build your own starter kit
 
-As a quickstart for new developers we zip and download the examples in our 
-application manager. Before the following placeholders inside in your main 
-example.xy file are substituted with the according values from the app:
+As a quickstart for new developers we zip and download the examples in our
+application manager. Before the following placeholders inside in your main
+example.xy file are substituted with the according values from the app
+(client_id/secret) and the values in .fidor_meta.json:
 
     <APP_URL>                   # default http://localhost:8000/example.php
     <CLIENT_ID>
@@ -56,7 +63,7 @@ example.xy file are substituted with the according values from the app:
     <FIDOR_OAUTH_URL>           # e.g https://fidor.com/oauth
     <FIDOR_API_URL>
 
-So just add those to example.[rb, php, ..] and see existing examples and specs 
+So just add those to example.[rb, php, ..] and see existing examples and specs
 for a reference.
 
 ## Contributing

data/lib/fidor_starter_kits/version.rb

@@ -1,3 +1,3 @@
 module FidorStarterKits
-  VERSION = '0.2.3'
+  VERSION = '0.3.0'
 end

data/starter_kits/golang_plain/example.go

@@ -16,6 +16,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"errors"
 )
 
 // The following sections define the settings you require for the
@@ -23,17 +24,17 @@ import (
 
 // app ID and secret, can be found in this apps "Details" page in the
 // AppManager.
-var client_id = "<CLIENT_ID>"
+var client_id     = "<CLIENT_ID>"
 var client_secret = "<CLIENT_SECRET>"
 
 // Fidor's OAuth Endpoint (this changes between Sandbox and Production)
 var fidor_oauth_url = "<FIDOR_OAUTH_URL>" // e.g https://fidor.com/api_sandbox/oauth
 // The OAuth Endpoint this App provides
-var oauth_cb_url = "<APP_URL>"
+var oauth_cb_url    = "<APP_URL>"
 
 // The URL of the Fidor API (this changes between Sandbox and
 // Production)
-var fidor_api_url = "<FIDOR_API_URL>" // e.g https://fidor.com/api_sandbox vs /api
+var fidor_api_url   = "<FIDOR_API_URL>" // e.g https://fidor.com/api_sandbox vs /api
 
 
 
@@ -72,7 +73,7 @@ func indexHandler(w http.ResponseWriter, r *http.Request) {
 	} else {
 		// we don't have an oauth `code` yet, so we need to
 		// redirect the user to the OAuth provider to get one ...
-		oauth_url := fmt.Sprintf("%s/authorize?client_id=%s&redirect_uri=%s",
+		oauth_url := fmt.Sprintf("%s/authorize?client_id=%s&state=123&response_type=code&redirect_uri=%s",
 			fidor_oauth_url,
 			client_id,
 			url.QueryEscape(oauth_cb_url))
@@ -99,11 +100,17 @@ func retrieveTokenFromCode(code string) (token string, err error) {
 		"client_id":     {client_id},
 		"client_secret": {client_secret},
 		"code":          {code},
+		"redirect_uri":  {url.QueryEscape(oauth_cb_url)},
+		"grant_type":    {"autorization_code"}
 	}
 	// Call API
 	if resp, err := http.PostForm(tokenUrl, tokenPayload); err != nil {
+		println(err)
 		return "", err
 	} else {
+		if resp.StatusCode != 200 {
+			return "", errors.New(resp.Status)
+		}
 		// if successful, pick the access_token out of the reply.
 		var tokenResponse TokenResponse
 		decoder := json.NewDecoder(resp.Body)

data/starter_kits/java_servlet/src/de/fidor/api/example/Example.java

@@ -85,6 +85,7 @@ public class Example extends HttpServlet {
 				.addParameter("redirect_uri", app_url)
 				.addParameter("code", code)
 				.addParameter("client_secret", client_secret)
+				.addParameter("grant_type", "authorization_token")
 				.build();
 		
 		HttpResponse resp = httpClient.execute(req);
@@ -103,7 +104,7 @@ public class Example extends HttpServlet {
 	}
 
 	private String getCodeUrl() {
-		return fidor_oauth_url + "/authorize?client_id=" + client_id + "&redirect_uri=" + app_url;
+		return fidor_oauth_url + "/authorize?client_id=" + client_id + "&redirect_uri=" + app_url +"&state=1234&response_type=authroization_code";
 	}
 	
 	private String getAccountUrl(String token) {

data/starter_kits/node_tx/example.js

@@ -14,119 +14,36 @@
 // manager an need to be transfered into the config below:
 
 var fidor_config = {
-  app_port       : 3141, // you might want to change this to match your app_url
-  app_url        : "<APP_URL>", // must also include the port e.g http://localhost:3141
+  app_port       : 3001,
+  app_url        : "<APP_URL>",
   client_id      : "<CLIENT_ID>",
   client_secret  : "<CLIENT_SECRET>",
   fidor_api_url  : "<FIDOR_API_URL>"
 }
 
-// This app can be started by executing:
-//
-//    node example.js
-//
-// Once the app is running, it can be accessed on:
-//
-//    http://localhost:3141
-//
-// or on whatever port is configured above.
-//
-// The app checks whether an OAuth access token is available for the
-// user, if not, the user is redirected to the OAuth endpoint. After
-// successful authentication and authorization, the OAuth endpoint
-// redirects the user back to the app. Specifically to:
-//
-//     http://localhost:3141/code
-//
-// This redirect will contain a query with the OAuth code. The app uses
-// this code to request an OAuth access-token. The retrieved token is stored with
-// the users session and is used to authenticate API requests.
-
-var http        = require('http')
-var url         = require('url')
-var querystring = require('querystring')
-
-
-
-// the actual call to the api.
-// @param accessToken : OAuth access_token for this user.
-// @param cb          : callback function(err, transactions)
-function apiGetTransactions(accessToken, cb) {
-  // URL endpoint to call to retrieve transactions.
-  var tx_url = fidor_config.fidor_api_url+"/transactions?access_token="+ accessToken
-
-  var get = http.get(tx_url, function(res){
-    // response may come in numerous chunks, we need to collect
-    // them and reassemble the entire answer when all data has
-    // been retrieved.
-    var data = new Buffer(0)
-    res.on('data', function(chunk){
-      data = Buffer.concat([data, chunk])
-    })
-    res.on('end', function() {
-      if (res.statusCode !== 200) {
-        cb(data.toString(), null)
-        return
-      }
-      var d = JSON.parse(data)
-      cb(d.error, d.data)
-    })
-  })
-
-  get.on('error', function(e) {
-    cb (e, null)
-  })
-}
 
-//
-// The handle for the Apps /transactions endpoint.
-// @param request  : http request object
-// @param response : http response
-//
-function getTransactions(request, response) {
-  var cookie_token = getCookie(request, "oauth_token")
-  // if we don't have a token for this user already, redirect
-  // the user to the OAuth server
-  if (!cookie_token) {
-    var oauth_url = fidor_config.fidor_api_url+"/oauth/authorize?"+
-                    "client_id="+fidor_config.client_id+
-                    "&redirect_uri="+fidor_config.app_url+"/code"
-    response.writeHead(307, {"location" : oauth_url})
-    response.end()
-    return
-  }
-
-  // trade in the key we stored in the cookie for the actual oauth token.
-  var oauth_token = getToken(cookie_token)
-
-  // call the api with the OAuth token:
-  apiGetTransactions(oauth_token, function (err, transactions) {
-    if (err) {
-      // 500 Server Error in case of any problems
-
-      console.log(">>>error")
-      console.log(err)
-      console.log("<<<error")
-
-      response.writeHead(500, "Borked.")
-      response.end("Borked.")
-      return
-    }
-    // if everything went well, dump the received json.
-    response.writeHead(200, {"Content-Type": "application/json; charset=utf-8"})
-    response.write(JSON.stringify(transactions, null, " "))
-    response.end()
-
-  })
+// redirect the user to the OAuth authorization endpoint with the
+// following params:
+//   - client_id
+//   - state
+//   - response_type
+//   - redirect_uri
+function redirect_to_oauth(response){
+  var redirect_uri = encodeURIComponent(fidor_config.app_url)
+  var oauth_url = fidor_config.fidor_api_url+
+                  "/oauth/authorize?client_id="+fidor_config.client_id+
+                  "&state=123&response_type=code&"+
+                  "redirect_uri="+redirect_uri
+  response.writeHead(307, {"location" : oauth_url})
+  response.end()
+  return
 }
 
-// Trades the `code` we received from the OAuth server via client
-// redirect for an actual access_token. To do this, the code needs to be
-// send to the correct OAuth endppoint together with client_id and
-// client_secret.
-function getOAuthToken(code, cb) {
+<// Execute a POST request against the OAUTH token endpoint
+// in order to exchange: code, client_id, client_secret, 
+// rerdirect_uri and grant_type for an auth_token.
+function retrieve_access_token_from_code( code, cb ) {
   var oauth_url = url.parse(fidor_config.fidor_api_url)
-
   // where to send the data ...
   var postOptions = {
     method: "POST",
@@ -139,7 +56,9 @@ function getOAuthToken(code, cb) {
   var postData = {
     code          : code,
     client_id     : fidor_config.client_id,
-    client_secret : fidor_config.client_secret
+    client_secret : fidor_config.client_secret,
+    redirect_uri  : encodeURIComponent(fidor_config.app_url),
+    grant_type    : "authorization_code"
   }
   postData = querystring.stringify(postData)
 
@@ -153,6 +72,7 @@ function getOAuthToken(code, cb) {
 
     res.on('end', function() {
       var oauth_response = JSON.parse(data)
+      console.log(oauth_response)
       cb(oauth_response.error, oauth_response.access_token)
     })
   })
@@ -165,178 +85,62 @@ function getOAuthToken(code, cb) {
   token_request.end()
 }
 
-// handler we provide to handle our user being redirected back
-// to us from the OAuth server with the OAuth `code` in the
-// query of the url.
-function setOAuthToken(request, response) {
-  var u = url.parse(request.url)
-  var code = querystring.parse(u.query)["code"]
+<
+// Display a friendly message and links to the API Endpoints.
+function renderWelcome(request, response, token) {
+  response.writeHead(200, {"Content-Type" : "text/html"})
+  var content = hello_template.replace(/{token}/g, token)
+  console.log(content)
+  console.log(token)
+  content = content.replace(/{api_uri}/g, fidor_config.fidor_api_url)
+  response.end(content)
+}
+
+// main http functionality
+function listener (request, response) {
 
-  // if the request does not contain a ?code=adsfasdfasdf
-  // query, it's not valid.
-  if (!code) {
-    response.writeHead(400, "Bad Request")
+  var u    = url.parse(request.url)
+  // reject everything but GET.
+  if (request.method !== "GET" || u.pathname !== "/") {
+    response.writeHead(403, "Forbidden")
     response.end()
     return
   }
-
-  // exchange the code for a token ...
-  getOAuthToken(code, function (err, token) {
-    if (err) {
-      console.log(">>>error")
-      console.log(err)
-      console.log("<<<error")
-
-      response.writeHead(500, "Borked.")
-      response.end("Borked.")
-      return
-    }
-
-    // once we have the token, we store it in our app (see below). The
-    // OAuth token is stored under a random key. We set this key in the
-    // user's cookie in order to retrieve the access_token whenever we
-    // may need it in the future without leaking the actual access_token
-    // via the cookie
-
-    var token_key = storeToken(token)
-    setCookie(response, "oauth_token", token_key)
-
-    // send the user back to the transactions url, this time, with a
-    // valid access_token (via the cookie we just set)
-    response.writeHead(307, {"location" : "/transactions"})
-    response.end()
-  })
-}
-
-// handler for all http requests to our app ...
-function listener(req, resp) {
-  // reject everything but GET.
-  if (req.method !== "GET") {
-    resp.writeHead(403, "Forbidden")
+  var code = querystring.parse(u.query)["code"]
+  if (code) {
+    retrieve_access_token_from_code( code, function (err, token) {
+      if (err) {}
+      renderWelcome(request, response, token)
+    }) 
+  } else {
+    // we don't have an oauth `code` yet, so we need to
+		// redirect the user to the OAuth provider to get one ...
+    redirect_to_oauth(response)
+    return
   }
+}
 
-  var u = url.parse(req.url)
-  switch (u.pathname) {
-    case "/":
-      console.log("start page ...")
-      resp.writeHead(200, {"Content-Type" : "text/html"})
-      resp.end(hello_template)
-      break
-    case "/transactions":
-      console.log("transactions ...")
-      getTransactions(req, resp)
-      break
-    // utility code to remove cookies in order to force OAuth.
-    case "/code":
-      console.log("received code redirect ...")
-      setOAuthToken(req, resp)
-      break
-    case "/clear_all_cookies":
-      console.log("clearing cookies")
-      clearCookies(req, resp)
-      resp.writeHead(307, {"location": "/"})
-      resp.end()
-      break
-    case "/clear_cookie":
-      console.log("clearing oauth cookie")
-
-      var key = getCookie(req, "oauth_token")
-      deleteToken(key)
-
-      clearCookie(resp, "oauth_token")
-      resp.writeHead(307, {"location": "/"})
-      resp.end()
-      break
-    default:
-      console.log("unknown: "+u.path)
-      resp.end()
-  }
+// Execution starts here...
 
-}
+var url           = require("url")
+var querystring   = require("querystring")
+var http          = require("http")
 
 // start the server
 var server = http.createServer(listener)
     server.listen(fidor_config.app_port)
 
-console.log("listening on : "+fidor_config.app_port)
-
+console.log("listening on : "+fidor_config.app_url)
 
 
 var hello_template = ""+
-"<DOCTYPE html>" +
-"<html>" +
-"<head></head>" +
-"<body>" +
-"  <h1>Welcome to Transaction Getter!</h1>" +
-"  <p><a href='/transactions'>Get Transactions</a></p>" +
-"  <p><a href='/clear_cookie'>Clear Cookie</a></p>" +
-"  <p><a href='/clear_all_cookies'>Clear All Cookies</a></p>" +
-"</body>" +
+"<html>"+
+"<head>"+
+"</head>"+
+"<body>"+
+"	<h1>Welcome!</h1>"+
+"	<i>retrieved <tt>access_token</tt>: {token} </i>"+
+"	<p><a href='{api_uri}/transactions?access_token={token}'>Transactions</a></p>"+
+"	<p><a href='{api_uri}/accounts?access_token={token}'>Accounts</a></p>"+
+"</body>"+
 "</html>"
-
-// Code for setting and clearing cookies. Typically a framework would
-// handle the intricacies of cookie handling, but we opted not to
-// require any additional dependancies for this example so we need to
-// handle cookies manually...
-
-function setCookie(response, key, value) {
-  response.setHeader("Set-Cookie", key+"="+value)
-}
-
-function clearCookie(response, key) {
-  console.log("clearing: "+key)
-  if (key.map) {
-    key = key.map(function (k) {
-      return k+"=delete; expires=Thu, 01 Jan 1970 00:00:00 GMT"
-    })
-  } else {
-    key = key+"=delete; expires=Thu, 01 Jan 1970 00:00:00 GMT"
-  }
-  console.log(key)
-  response.setHeader("Set-Cookie", key)
-}
-
-function clearCookies(request, response){
-  clearCookie(response, Object.keys(getCookies(request)))
-}
-
-
-function getCookies(request) {
-  var cookies = {}
-  var c = request.headers["cookie"]
-  if (c) {
-    c.split(';').forEach(function(cookie){
-      var c = cookie.split("=")
-      cookies[c[0].trim()] = c[1]
-    })
-  }
-  return cookies
-}
-
-function getCookie(request, key) {
-  var cookies = getCookies(request)
-  return cookies[key]
-}
-
-// token storage
-
-
-var tokens = {}
-
-function storeToken (token) {
-  var key = ""
-  for (var i =0 ; i!= 16; ++i) {
-    key += Math.floor((Math.random() * 256)).toString(16)
-  }
-  tokens[key] = token
-  return key
-}
-function getToken(key) {
-  return tokens[key]
-}
-
-function deleteToken (key) {
-  var tok = tokens[key]
-  delete tokens[key]
-  return tok
-}

data/starter_kits/php_plain/example.php

@@ -12,7 +12,8 @@
   if(empty($code)) {
     $dialog_url = $fidor_oauth_url . "/authorize?" .
                   "client_id=". $app_id .
-                  "&redirect_uri=" . urlencode($app_url);
+                  "&redirect_uri=" . urlencode($app_url) .
+                  "&state=1234&response_type=code";
 
     echo("<script> top.location.href='" . $dialog_url . "'</script>");
   }
@@ -22,7 +23,8 @@
   $data = array('client_id' => $app_id,
                 'client_secret' => $app_secret,
                 'code' => $code,
-                'redirect_uri' => urlencode($app_url)
+                'redirect_uri' => urlencode($app_url),
+                'grant_type' => 'authorization_code'
                 );
   // use key 'http' even if you send the request to https://...
   $options = array(

data/starter_kits/sinatra_plain/example.rb

@@ -13,7 +13,7 @@ get '/' do
 
   # 1. redirect to authorize url
   unless code = params["code"]
-    dialog_url = "#{@fidor_oauth_url}/authorize?client_id=#{@client_id}&redirect_uri=#{CGI::escape(@app_url)}"
+    dialog_url = "#{@fidor_oauth_url}/authorize?client_id=#{@client_id}&redirect_uri=#{CGI::escape(@app_url)}&state=1234&response_type=code"
     redirect dialog_url
   end
 
@@ -21,9 +21,11 @@ get '/' do
   token_url = URI("#{@fidor_oauth_url}/token")
   # GET and parse access_token response json
   res = Net::HTTP.post_form(token_url, 'client_id' => @client_id,
-                                        'redirect_uri' => CGI::escape(@app_url),
-                                        'code' =>code,
-                                        'client_secret'=>@client_secret)
+                                       'redirect_uri' => CGI::escape(@app_url),
+                                       'code' =>code,
+                                       'client_secret'=>@client_secret,
+                                       'grant_type'=>'authorization_code')
+
   resp = ActiveSupport::JSON.decode(res.body)
 
   # GET current user

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fidor_starter_kits
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Georg Leciejewski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-01 00:00:00.000000000 Z
+date: 2014-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -75,6 +75,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md