app/views/opro/oauth/docs/markdown/password_exchange.md.erb from opro/opro

app/views/opro/oauth/docs/markdown/password_exchange.md.erb
Summary

Maintainability

Test Coverage

Issues
<%= "# Password Exchange is NOT enabled in this App" unless ::Opro.password_exchange_enabled? %>


## Password Exchange

If you're building a mobile (iPhone, Android, etc.) app, it can be easier to exchange a user's password and email/username for an access token than to send your user through the traditional OAuth flow.


## Step 1: Register your Application

Sign in as a registered user then visit the [new client application page](/oauth_client_apps/new). Enter in the name of your application. For this example, we can use `foo`; you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`. These behave like a username and password for your OAuth application.


    Name:           foo
    client id:      3234myClientId5678
    client Secret:  14321myClientSecret8765


Once you've registered an app successfully, we can start to build an OAuth application. Don't continue until you've [registered a client app](/oauth_client_apps/new).

**Note:** Replace the client id and secret with your actual client id and secret.

Once you have your id and secret, you can ask the user of your application to provide you with their username and password. For the purposes of this example we will be using the email address `foo@example.com` and password `p4ssw0rd`.

**Note:** Replace the email and password with a real user's credentials.


Once you have the email/username and password of a user, you can exchange this information for a token by sending the server your client\_id & client\_secret along with the username and password. Don't forget to url encode any special characters like `@`, and always transmit this sensitive data using a secure protocol (such as https):

    <%= oauth_token_url(:protocol => @protocol, :email => "foo@example.com", :password => "p4ssw0rd", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>

The response should be JSON with an access_token:


    {"access_token":"9693accessTokena7ca570bbaf","refresh_token":"3a3c129ad02b573de78e65af06c293f1","expires_in":null}

You can now use the `access_token` in the parameters or the header of future requests. See the end of the <%= view_context.link_to 'Quick Start Guide', oauth_doc_path(:quick_start) %> for examples.


## Additional Exchange


 In addition to username/password, the owner of this web service may choose to implement other custom exchanges such as Facebook or Twitter token exchange for an access token. You must contact the owner of this web service to see if they support other data when exchanging tokens.

 When you do this make sure to pass `grant_type=password` or `grant_type=bearer` in the request to `<%= oauth_token_url %>` in addition to any required parameters.