Posts tagged "authorization"

OAuth 2.0 Library for ActionScript

Here at Adobe, we’ve been working really hard recently on our latest big project: Adobe Creative Cloud. For anyone that is unfamiliar or wasn’t able to attend our latest MAX conference, here is how we describe the project, straight from our press release

“Adobe Creative Cloud reinvents creative expression by enabling a new generation of services for
creativity and publishing, that embrace touch interaction to re-imagine how individuals interact with
creative tools and build deeper social connections between creatives around the world.”

-Kevin Lynch, CTO, Adobe Systems

In a nutshell, Creative Cloud is really an ecosystem that includes a multitude of applications for various devices that facilitate creative workflows, all backed by a cloud storage solution. Now that I’m done with the marketing, I can get to the good stuff :)

One of the major tasks that we’ve decided to undertake while doing this project was to switch from our current authentication system to a standards-based OAuth 2.0 authentication and authorization system. This was (is) a large undertaking and included building the likes of an OAuth 2.0 server, building and supporting new OAuth 2.0 compatible clients, as well as converting all existing systems to the new one. As part of this project, I ended up creating some OAuth 2.0 libraries that our touch-tooling applications use to interact with our system. While doing this, I realized that a lot of this work can easily be open-sourced and used with any OAuth 2.0 compliant service! And so, here we are!

 
Out in the Open
What I’ve created is exactly how it sounds: an OAuth 2.0 library for ActionScript. It abides by the OAuth 2.0 specification (version 2.15) and so is compatible with any OAuth 2.0 service! That includes services like Facebook Platform, Google APIs, Foursquare APIs, and many many more.

 
What it Does
If you are unfamiliar with the OAuth 2.0 workflow, it is really quite simple…

  1. Your application makes a request to the server to get an access token.
    • An access token is what is used to access a protected resource, say, an API to post a status update.
  2. The user authenticates and authorizes the use of said protected resource by the application on behalf of the user.
    • For example, the user logs in and allows your application to post a status update on their behalf.
  3. An access token is granted and returned back to your application.
    • The access token will be restricted for use with only the specific permissions that were authorized in Step 2.
  4. You use the access token for whatever you want!
    • Using the same example, your application then uses this token to make a call to update your status.

The library is only in charge of steps 1-3. It will just get you your access token. What you do with it, and what API calls you make with it, are up to you.

 
How to Use It
This library is designed for use in mobile devices using AIR. Because of that, it makes use of the StageWebView object to display the user consent page (the form that the user must log into and authorize your application in Step 2). I’ve created a very simple mobile demo application that does exactly this. Here is the important part of the code…

// set up our StageWebView object to use our visible stage
stageWebView.stage = stage;
 
// set up the call
var oauth2:OAuth2 = new OAuth2("https://accounts.google.com/o/oauth2/auth", "https://accounts.google.com/o/oauth2/token", LogSetupLevel.ALL);
var grant:IGrantType = new AuthorizationCodeGrant(stageWebView, "INSERT_CLIENT_ID_HERE", "INSERT_CLIENT_SECRET_HERE", "http://www.mysite.com", "https://www.googleapis.com/auth/userinfo.profile");
 
// make the call
oauth2.addEventListener(GetAccessTokenEvent.TYPE, onGetAccessToken);
oauth2.getAccessToken(grant);
 
function onGetAccessToken(getAccessTokenEvent:GetAccessTokenEvent):void
{
	if (getAccessTokenEvent.errorCode == null && getAccessTokenEvent.errorMessage == null)
	{
		// success!
		trace("Your access token value is: " + getAccessTokenEvent.accessToken);
	}
	else
	{
		// fail :(
	}
}  // onGetAccessToken

You’ll see that the code is quite simple. First, we set up the StageWebView object. Then, we prepare the OAuth2 object by invoking its constructor with the appropriate values. In the third step, we attach an event-listener and make the call. Finally, in the event handler function, we handle the response. That’s it!

 
Demo
I’ve created a sample demo application that demonstrates the usage of this library. Using the same sample code as above (with the appropriate values filled in), connecting to Google’s OAuth 2.0 APIs, the sample app looks like this…

Take it for a spin and let me know what you think!

ActionScript OAuth 2.0 Mobile Demo Application

 
Code, please!
I’ve released the code under the Apache License, Version 2.0 and made it all available on GitHub! Please, fork and extend!

ActionScript OAuth 2.0 Library

That’s it! Hopefully some of you will find this project useful. And as always, I love hearing from you so let me know what you think! Happy coding =)

 
Update: As requested, I’ve removed the dependencies on the Flex framework so this library is now a pure AS3 library. Enjoy!

 
Charles