Implement OAuth authorization endpoint for first-party accounts #310

robertknight · 2017-06-06T13:14:35Z

Implement an OAuth authorization endpoint that allows users to grant browser-based clients access to data in their Hypothesis accounts.

For context and design discussion, see Client OAuth Login Technical Design.

Acceptance criteria

There is an endpoint, provisionally at GET /oauth/authorize, which clients can open in a popup window in order to authorize the client to access the user's data on Hypothesis.
When a pre-registered client directs the user to this endpoint, the endpoint verifies the client ID and reports an error if it is unrecognized.
If the user is logged in to the service when they visit this endpoint, they are prompted to allow the client to Accept / Deny the client access to the user's data.
If the user is not logged in, they are first shown the login form and then sent to step 3.
After the user accepts, an auth code is generated and delivered back to the client as described in the design document.
If the user rejects or closes the auth prompt, an error is delivered back to the client as described in the design doc.

The text was updated successfully, but these errors were encountered:

robertknight added the OAuth label Jun 6, 2017

robertknight mentioned this issue Jun 6, 2017

Use OAuth authorization flow in client #314

Closed

robertknight added the 5 points label Jun 7, 2017

dhwthompson mentioned this issue Jun 20, 2017

EPIC(?): OAuth login for first-party clients #328

Closed

8 tasks

robertknight self-assigned this Jun 29, 2017

robertknight mentioned this issue Jun 29, 2017

Initial implementation of an OAuth authorization endpoint hypothesis/h#4586

Merged

robertknight closed this as completed Aug 2, 2017

Provide feedback