├── README.md ├── SECURITY.md ├── amber-java └── .gitignore ├── oltu-clojure ├── README.md ├── project.clj └── src │ └── example │ └── client.clj ├── oltu-java ├── pom.xml └── src │ └── main │ └── java │ └── example │ └── brightcove │ └── oauth │ └── client │ └── OltuJavaClient.java ├── python └── client.py └── ruby ├── .gitignore ├── .rvmrc ├── Gemfile ├── Gemfile.lock ├── README └── client_credential_example.rb /README.md: -------------------------------------------------------------------------------- 1 | # Client examples 2 | 3 | The client library, SDK and sample code are located in this directory. 4 | 5 | Client here refers to 6 | [an application making protected resource requests][client-def] on 7 | behalf of the resource owner and with its authorization. 8 | 9 | [client-def]: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-1.1 10 | 11 | ## Implementation notes 12 | 13 | Note that the samples here will not work without modifications: 14 | 15 | * you must replace YOUR_CLIENT_ID placeholders with a valid client id 16 | * you must replace YOUR_CLIENT_SECRET placeholders with a valid client secret 17 | * you must replace YOUR_ACCOUNT_ID placeholders with a valid Video Cloud account id 18 | 19 | 20 | ## Credential client registration 21 | 22 | Many of these examples use a client credential registration with a 23 | scope authorizing read access to the Analytics API. Such a 24 | registration might be created as follows: 25 | 26 | ```sh 27 | # With $BC_TOKEN (browser session cookie) and $ACCOUNT_ID (publisher account) variables: 28 | curl -H "Authorization: BC_TOKEN $BC_TOKEN" -X POST -d 'name=example-client&maximum_scope=[{"identity":{"type":"video-cloud-account","account-id":'$ACCOUNT_ID'},"operations":["video-cloud/analytics/read"]}]' https://oauth.brightcove.com/v4/client_credentials 29 | ``` 30 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Use this section to tell people about which versions of your project are 6 | currently being supported with security updates. 7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 5.1.x | :white_check_mark: | 11 | | 5.0.x | :x: | 12 | | 4.0.x | :white_check_mark: | 13 | | < 4.0 | :x: | 14 | 15 | ## Reporting a Vulnerability 16 | 17 | Use this section to tell people how to report a vulnerability. 18 | 19 | Tell them where to go, how often they can expect to get an update on a 20 | reported vulnerability, what to expect if the vulnerability is accepted or 21 | declined, etc. 22 | -------------------------------------------------------------------------------- /amber-java/.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | -------------------------------------------------------------------------------- /oltu-clojure/README.md: -------------------------------------------------------------------------------- 1 | # Clojure OAuth2 client example 2 | 3 | Uses Oltu library for OAuth2. 4 | 5 | Use the Leiningen build tool to run this example after setting the 6 | client ID, client secret, and account ID in the source: `lein run` 7 | -------------------------------------------------------------------------------- /oltu-clojure/project.clj: -------------------------------------------------------------------------------- 1 | (defproject oltu-clojure "0.1.0-SNAPSHOT" 2 | :dependencies [[org.clojure/clojure "1.4.0"] 3 | [org.apache.oltu.oauth2/org.apache.oltu.oauth2.client "0.31"]] 4 | :main example.client) 5 | -------------------------------------------------------------------------------- /oltu-clojure/src/example/client.clj: -------------------------------------------------------------------------------- 1 | (ns example.client 2 | (:import [java.net URL] 3 | [org.apache.oltu.oauth2.client OAuthClient URLConnectionClient] 4 | [org.apache.oltu.oauth2.client.request OAuthClientRequest] 5 | [org.apache.oltu.oauth2.client.response OAuthJSONAccessTokenResponse] 6 | [org.apache.oltu.oauth2.common.message.types GrantType])) 7 | 8 | (def token-request-url 9 | "The URL for access token requests." 10 | "https://oauth.brightcove.com/v4/access_token") 11 | 12 | (def client-id 13 | "The client ID from your client credential." 14 | "YOUR_CLIENT_ID") 15 | 16 | (def client-secret 17 | "The client secret from your client credential." 18 | "YOUR_CLIENT_SECRET") 19 | 20 | (def account-id 21 | "The account ID to fetch Analytics info for." 22 | "YOUR_ACCOUNT_ID") 23 | 24 | (def oauth-client 25 | "An Oltu OAuth client object to use to make requests." 26 | (OAuthClient. (URLConnectionClient.))) 27 | 28 | (def token-request 29 | "A token request message to submit through the oauth-client object and get a token in 30 | return." 31 | (.. (OAuthClientRequest/tokenLocation token-request-url) 32 | (setGrantType GrantType/CLIENT_CREDENTIALS) 33 | (setClientId client-id) 34 | (setClientSecret client-secret) 35 | ;; If you want to set the token scope, (setScope something) here. 36 | (buildQueryMessage))) 37 | 38 | (defn get-token [] 39 | "Yield a fresh access token created by submitting token-request through oauth-client. (Makes 40 | an access token request to the server located at token-request-url.)" 41 | (.getAccessToken 42 | (.accessToken oauth-client token-request OAuthJSONAccessTokenResponse))) 43 | 44 | (defn resource-url 45 | "Build URL of the resource you want to access using the access 46 | token. The value below is for the Analytics resource server." 47 | [account-id] 48 | (URL. (str "https://analytics.api.brightcove.com/v1/data?accounts=" account-id "/report?dimensions=video"))) 49 | 50 | (defn resource-cxn [] 51 | "Yield a fresh HttpURLConnection to the resource server, with the appropriate Authorization 52 | header attached. (Makes an access token request using (get-token).)" 53 | (doto (.openConnection (resource-url account-id)) 54 | (.addRequestProperty "Authorization" (str "Bearer " (get-token))))) 55 | 56 | (defn authorized-content [] 57 | "Yield the authorized content by requesting a fresh access token and then requesting the 58 | content using it." 59 | (slurp (.getInputStream (resource-cxn)))) 60 | 61 | (defn -main 62 | "Display analytics info for an account using OAuth2 credentials." 63 | [& args] 64 | (println (authorized-content))) 65 | -------------------------------------------------------------------------------- /oltu-java/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | client-examples-oltu-java 8 | example.brightcove.oauth 9 | client-examples-oltu-java 10 | 0.1.0-SNAPSHOT 11 | jar 12 | 13 | 14 | 15 | org.apache.oltu.oauth2 16 | org.apache.oltu.oauth2.client 17 | 0.31 18 | 19 | 20 | -------------------------------------------------------------------------------- /oltu-java/src/main/java/example/brightcove/oauth/client/OltuJavaClient.java: -------------------------------------------------------------------------------- 1 | package example.brightcove.oauth.client; 2 | 3 | import org.apache.oltu.oauth2.client.OAuthClient; 4 | import org.apache.oltu.oauth2.client.URLConnectionClient; 5 | import org.apache.oltu.oauth2.client.request.OAuthClientRequest; 6 | import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse; 7 | import org.apache.oltu.oauth2.common.message.types.GrantType; 8 | 9 | import java.io.BufferedReader; 10 | import java.io.InputStream; 11 | import java.io.InputStreamReader; 12 | import java.net.HttpURLConnection; 13 | import java.net.URL; 14 | 15 | /** 16 | * Example of the OAuth client credentials flow using the Apache Oltu OAuth2 client. 17 | */ 18 | public class OltuJavaClient { 19 | /** 20 | * URL for requesting OAuth access tokens. 21 | */ 22 | public static final String TOKEN_REQUEST_URL = "https://oauth.brightcove.com/v4/access_token"; 23 | 24 | /** 25 | * Client ID of your client credential. Change this to match whatever credential you have created. 26 | */ 27 | public static final String CLIENT_ID = "YOUR_CLIENT_ID"; 28 | 29 | /** 30 | * Client secret of your client credential. Change this to match whatever credential you have created. 31 | */ 32 | public static final String CLIENT_SECRET = 33 | "YOUR_CLIENT_SECRET"; 34 | 35 | /** 36 | * Account on which you want to request a resource. Change this to match the account you want to 37 | * retrieve resources on. 38 | */ 39 | public static final String ACCOUNT_ID = "YOUR_ACCOUNT_ID"; 40 | 41 | /** 42 | * URL from which you are going to request a resource. The example below is for the Analytics 43 | * resource server. :account-id will be replaced with {@link ACCOUNT_ID} below. 44 | */ 45 | public static final String RESOURCE_URL_TPL = 46 | "https://analytics.api.brightcove.com/v1/data?accounts=:account-id&dimensions=video"; 47 | 48 | /** 49 | * Request a fresh access token using the given client ID, client secret, and token request URL, 50 | * then request the resource at the given resource URL using that access token, and get the resource 51 | * content. If an exception is thrown, print the stack trace instead. 52 | * 53 | * @param args Command line arguments are ignored. 54 | */ 55 | public static void main(String[] args) { 56 | try { 57 | OAuthClient client = new OAuthClient(new URLConnectionClient()); 58 | 59 | OAuthClientRequest request = 60 | OAuthClientRequest.tokenLocation(TOKEN_REQUEST_URL) 61 | .setGrantType(GrantType.CLIENT_CREDENTIALS) 62 | .setClientId(CLIENT_ID) 63 | .setClientSecret(CLIENT_SECRET) 64 | // .setScope() here if you want to set the token scope 65 | .buildQueryMessage(); 66 | 67 | String token = 68 | client.accessToken(request, OAuthJSONAccessTokenResponse.class) 69 | .getAccessToken(); 70 | 71 | String resourceUrl = RESOURCE_URL_TPL.replace(":account-id", ACCOUNT_ID); 72 | HttpURLConnection resource_cxn = 73 | (HttpURLConnection)(new URL(resourceUrl).openConnection()); 74 | resource_cxn.addRequestProperty("Authorization", "Bearer " + token); 75 | 76 | InputStream resource = resource_cxn.getInputStream(); 77 | 78 | // Do whatever you want to do with the contents of resource at this point. 79 | 80 | BufferedReader r = new BufferedReader(new InputStreamReader(resource, "UTF-8")); 81 | String line = null; 82 | while ((line = r.readLine()) != null) { 83 | System.out.println(line); 84 | } 85 | } catch (Exception exn) { 86 | exn.printStackTrace(); 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /python/client.py: -------------------------------------------------------------------------------- 1 | # Example Python client using sanction: 2 | # https://github.com/demianbrecht/sanction 3 | # 4 | # $ PYTHONPATH=path/to/sanction_lib_base/ python ./client.py 5 | # 6 | # Warning: the python-oauth2 client, github.com/simplegeo/python-oauth2, does not actually 7 | # support current drafts of the oauth2 flow. 8 | 9 | from sanction import Client 10 | 11 | # The URL for access token requests 12 | token_request_url = "https://oauth.brightcove.com/v4/access_token" 13 | 14 | # Client ID and secret 15 | 16 | # Your Client ID from your client credential 17 | client_id = "762df048-1d42-468c-9d18-f023d524f94f" 18 | 19 | # Your Client Secret from your client credential 20 | client_secret = "s728iZUVU3YbBSJC4to_9UhYgVrxIVvIQL3OkypMSOudWg02lZk3tNDbPESUAiup0uJV_rBinbyQ70Vh7FSWLA" 21 | 22 | # The base URL of the resource server 23 | # The URL below is for the example resource server 24 | resource_base = "https://data.brightcove.com/" 25 | 26 | # Create the OAuth2 client object 27 | client = Client(token_endpoint = token_request_url, 28 | resource_endpoint = resource_base, 29 | client_id = client_id, 30 | client_secret = client_secret) 31 | 32 | # Request the access token into the client object 33 | client.request_token(grant_type = 'client_credentials') 34 | 35 | # Now make the resource request 36 | # The path below is for the example resource server 37 | print client.request('/analytics-api/videocloud/account/12345/report?dimensions=video,player') 38 | -------------------------------------------------------------------------------- /ruby/.gitignore: -------------------------------------------------------------------------------- 1 | .bundle 2 | .idea 3 | -------------------------------------------------------------------------------- /ruby/.rvmrc: -------------------------------------------------------------------------------- 1 | rvm use ruby-2.1.0@oauthclient --create 2 | -------------------------------------------------------------------------------- /ruby/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'oauth2' 4 | -------------------------------------------------------------------------------- /ruby/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | faraday (0.9.0) 5 | multipart-post (>= 1.2, < 3) 6 | jwt (0.1.11) 7 | multi_json (>= 1.5) 8 | multi_json (1.8.4) 9 | multi_xml (0.5.5) 10 | multipart-post (2.0.0) 11 | oauth2 (0.9.3) 12 | faraday (>= 0.8, < 0.10) 13 | jwt (~> 0.1.8) 14 | multi_json (~> 1.3) 15 | multi_xml (~> 0.5) 16 | rack (>= 2.1.4) 17 | rack (>= 2.1.4) 18 | 19 | PLATFORMS 20 | ruby 21 | 22 | DEPENDENCIES 23 | oauth2 24 | -------------------------------------------------------------------------------- /ruby/README: -------------------------------------------------------------------------------- 1 | Setup: 2 | Install ruby (>= 1.9.2) and rvm. 3 | cd into this directory, which you should have done. 4 | $ rvm gemset create oauthclient 5 | cd to upper directory (cd ..) and cd back to this directory to activate rvm setting. 6 | $ gem install bundler (only if you haven't install bundler in this gem environment) 7 | $ bundle install 8 | 9 | Run: 10 | $ ruby client_credential_example.rb 11 | -------------------------------------------------------------------------------- /ruby/client_credential_example.rb: -------------------------------------------------------------------------------- 1 | require 'oauth2' 2 | 3 | # Replace this with a locally generated client ID and client secret 4 | # Select the analytics API as what you want to grant access to 5 | client_id = '8a3809bd-e9e5-487e-abe9-1d3a54a1febb' 6 | client_secret = '-1LbGuXeusgI4HhUliY16l7jupPte29K3oIGU7xY9CCqgyw6w0t6rBdgazvj6P1ho_XRJo8pPZo6UFXB3qqMKw' 7 | 8 | client = OAuth2::Client.new(client_id, client_secret, 9 | site: 'https://data.brightcove.com/', 10 | token_url: 'https://oauth.brightcove.com/v4/access_token') 11 | token = client.client_credentials.get_token 12 | 13 | # replace 12345 with the account_id 14 | puts token.get('/analytics-api/videocloud/account/12345/report?dimensions=video,player').body # or whatever request you want 15 | --------------------------------------------------------------------------------