You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openapi.yaml
+8-7Lines changed: 8 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,7 @@
1
1
openapi: 3.0.1
2
2
info:
3
3
version: 4.14.0
4
+
4
5
title: Linode API
5
6
description: |
6
7
# Introduction
@@ -47,7 +48,7 @@ info:
47
48
| **HTTP Authorization Scheme** | bearer |
48
49
49
50
## OAuth
50
-
If you only need to access the Linode API for personal uses,
51
+
If you only need to access the Linode API for personal use,
51
52
we recommend that you create a [personal access token](#personal-access-token).
52
53
If you're designing an application that can authenticate with an arbitrary Linode user, then
53
54
you should use the OAuth 2.0 workflows presented in this section.
@@ -66,7 +67,7 @@ info:
66
67
### OAuth Workflow
67
68
68
69
The OAuth workflow is a series of exchanges between your third-party app and Linode. The workflow is used
69
-
to authenticate a User before an application can start making API calls on the User's behalf.
70
+
to authenticate a user before an application can start making API calls on the user's behalf.
70
71
71
72
Notes:
72
73
@@ -76,19 +77,19 @@ info:
76
77
77
78
| PRIVATE WORKFLOW | PUBLIC WORKFLOW |
78
79
|------------------|------------------|
79
-
| 1. The User visits the application's website and is directed to login with Linode. | 1. The User visits the application's website and is directed to login with Linode. |
80
+
| 1. The user visits the application's website and is directed to login with Linode. | 1. The user visits the application's website and is directed to login with Linode. |
80
81
| 2. Your application then redirects the user to Linode's [login server](https://login.linode.com) with the client application's `client_id` and requested OAuth `scope`, which should appear in the URL of the login page. | 2. Your application then redirects the user to Linode's [login server](https://login.linode.com) with the client application's `client_id` and requested OAuth `scope`, which should appear in the URL of the login page. |
81
82
| 3. The user logs into the login server with their username and password. | 3. The user logs into the login server with their username and password. |
82
-
| 4. The login server redirects the user to the specificed redirect URL with a temporary authorization `code` (exchange code) in the URL. | 4. The login server redirects the user back to your application with an OAuth `access_token` embedded in the redirect URL's hash. This is temporary and expires in 2 hours. No `refresh_token` is issued. Therefore, once the `access_token` expires, a new one will need to be issued by having the user log in again. |
83
+
| 4. The login server redirects the user to the specificed redirect URL with a temporary authorization `code` (exchange code) in the URL. | 4. The login server redirects the user back to your application with an OAuth `access_token` embedded in the redirect URL's hash. This is temporary and expires in two hours. No `refresh_token` is issued. Therefore, once the `access_token` expires, a new one will need to be issued by having the user log in again. |
83
84
| 5. The application issues a POST request (*see below*) to the login server with the exchange code, `client_id`, and the client application's `client_secret`. | |
84
-
| 6. The login server responds to the client application with a new OAuth `access_token` and `refresh_token`. The `access_token` is set to expire in 2 hours. | |
85
-
| 7. The `refresh_token` can be used by contacting the login server with the `client_id`, `client_secret`, and `refresh_token` to get a new OAuth `access_token` and `refresh_token`. The new `access_token` is good for another 2 hours, and the new `refresh_token`, can be used to extend the session again by this same method. | |
85
+
| 6. The login server responds to the client application with a new OAuth `access_token` and `refresh_token`. The `access_token` is set to expire in two hours. | |
86
+
| 7. The `refresh_token` can be used by contacting the login server with the `client_id`, `client_secret`, and `refresh_token` to get a new OAuth `access_token` and `refresh_token`. The new `access_token` is good for another two hours, and the new `refresh_token`, can be used to extend the session again by this same method. | |
86
87
87
88
### OAuth Private Workflow - Additional Details
88
89
89
90
The following information expands on steps 5 through 7 of the private workflow:
90
91
91
-
Once the User has logged into Linode and you have received an exchange code,
92
+
Once the user has logged into Linode and you have received an exchange code,
92
93
you will need to trade that exchange code for an `access_token` and `refresh_token`. You
93
94
do this by making an HTTP POST request to the following address:
0 commit comments