OAUTH Authorization

• OAUTH is primarily for mobile user terminals
• There are 3 parts to using OAuth authorization:
  1. The third party OAuth server obtains the authorization code and further obtains the access token
  2. Using the access token it optains the StorageAccessToken from FDS
  3. It uses the StorageAccessToken+appid as authorization information to initiate other requests
     • The appId can get the See Diagram Cloud Service Key / AppID
• The client-end is integrated with the FDS SDK's application, or it also includes the client developer's own maintenance server
• The authorization server and the resource server belong to the third party OAuth server. The currently supported third party OAuth services include (XiaoMi, QQ, Sina, RenRen, Weixin)
• The resource owner is the end user using the app
• The client and third-party OAuth server should use standard OAuth2.0 authorization code authentication
• The parameters of the AccessToken obtained through the third-party OAuth server can refer to the third-party OAuth description, using XiaoMi as an example. You can refer to the parameter return description.
• The owner ID of the uploaded resource is acquired by FDS through the access token uploaded by the client. The developer should ensure that the user information obtained by the mobile terminal is legal and valid to avoid security problems,
• Before using OAuth authentication, developers should send us their own appId (Refer to Diagram Cloud Service Key / AppID), the region used, the Bucket used, and the appid of their third party OAuth service (using XiaoMi as an example, refer to Getting AccessToken/client_id).

OAuth Authorization Sequence Diagram

Language Implementation References

• Android
• iOS

Description of Restful API

Restful API