API Documentation
Memverse uses the rocket_pants gem (https://github.com/Sutto/rocket_pants) to generate API responses.
The following is a list of the key models in the Memverse application that you are likely to consume:
- User - account information for an individual user
- Verse - a single verse in a specific translation
- Memverse - a single memory verse belonging to a user; contains memorization interval, difficulty, etc.
- Passage - a contiguous collection of memverses (will not cross chapter boundaries)
- ProgressReport - a daily entry in the user's progress log
Memverse currently supports two OAuth authentication methods:
- https://github.com/applicake/doorkeeper/wiki/Authorization-Code-Flow
- https://github.com/applicake/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow
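A client-side sketch of the second flow listed above (resource owner password credentials), as an added example that is not Memverse's or Doorkeeper's own code. It assumes Doorkeeper's default token path `/oauth/token`, HTTP Basic client authentication, and a placeholder host `memverse.example`; the function names and sample replies are constructed for illustration.

```ruby
require "json"
require "net/http"
require "uri"

class TokenError < StandardError; end

# Build the RFC 6749 section 4.3 token request. The client authenticates with
# HTTP Basic; the user's password travels in the form body, so plain http is refused.
def build_password_grant(token_url, client_id:, client_secret:, username:, password:)
  uri = URI(token_url)
  raise ArgumentError, "token endpoint must use https" unless uri.is_a?(URI::HTTPS)
  req = Net::HTTP::Post.new(uri)
  req.basic_auth(client_id, client_secret)
  req.set_form_data("grant_type" => "password", "username" => username, "password" => password)
  req
end

# Turn the token endpoint's reply into what an API caller needs, or raise TokenError.
def parse_token_response(status, body, now: Time.now)
  data = JSON.parse(body)
  raise TokenError, "unexpected response shape" unless data.is_a?(Hash)
  unless status == 200 && data["access_token"].is_a?(String)
    raise TokenError, [data["error"] || "http_#{status}", data["error_description"]].compact.join(": ")
  end
  raise TokenError, "unsupported token_type" unless data["token_type"].to_s.casecmp?("bearer")
  ttl = data["expires_in"]
  { authorization: "Bearer #{data['access_token']}",
    expires_at: ttl.is_a?(Numeric) ? now + ttl : nil,
    refresh_token: data["refresh_token"] }
rescue JSON::ParserError
  raise TokenError, "token endpoint returned non-JSON (HTTP #{status})"
end

# Send the request over TLS (not called here; the samples below run offline).
def request_token(req)
  res = Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |http| http.request(req) }
  parse_token_response(res.code.to_i, res.body)
end

# Constructed sample replies, shaped like RFC 6749 sections 5.1 and 5.2.
SAMPLE_OK = '{"access_token":"constructed-token","token_type":"bearer","expires_in":7200}'
SAMPLE_DENIED = '{"error":"invalid_grant","error_description":"bad credentials"}'
```

The `authorization` value returned by `parse_token_response` is sent as the `Authorization` header on subsequent API calls, which replaces the session cookie obtained by scraping the sign-in form.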
There is a rudimentary client which can be used to explore the API:
https://github.com/avitus/doorkeeper-devise-client
Start it on localhost:3001 (or any port other than the one the Memverse server is running on):
```
rails s -p 3001
```
It will allow you to authenticate with Memverse via OAuth and then explore the API.
- Doorkeeper requires the user to be signed in to an active session. We need an API to authenticate more easily than scraping the login page. This page might work as a start: https://github.com/applicake/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow (ALV: this should be implemented now ... seems to work in testing) (KKH: change looks good, I'll try it out soon)
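  ```csharp
  using System;
  using System.Collections.Generic;
  using System.Net;
  using System.Net.Http;
  using System.Threading.Tasks;

  public static class MemverseSignIn
  {
      // Signs in through the HTML login form and returns the session cookies.
      // Both requests use the plain-http URL, so the password is not protected in transit.
      public static async Task<CookieContainer> AuthenticateWithCredentialsAsync()
      {
          var handler = new HttpClientHandler();
          var httpClient = new HttpClient(handler);
          var signInResult = await httpClient.GetAsync(
              "http://www.memverse.com/users/sign_in",
              HttpCompletionOption.ResponseContentRead).ConfigureAwait(false);

          // Scrape the Rails CSRF token out of the sign-in form.
          var tokenPrefix = @"name=""authenticity_token"" type=""hidden"" value=""";
          var getRequestContents = await signInResult.Content.ReadAsStringAsync().ConfigureAwait(false);
          var tokenStart = getRequestContents.IndexOf(tokenPrefix);
          if (tokenStart < 0)
              throw new InvalidOperationException("authenticity_token not found in sign-in page");
          var authenticity_token = getRequestContents.Substring(tokenStart + tokenPrefix.Length);
          authenticity_token = authenticity_token.Substring(0, authenticity_token.IndexOf('"'));

          var content = new FormUrlEncodedContent(new Dictionary<string, string>()
          {
              { "utf8", "✓" },
              { "authenticity_token", authenticity_token },
              { "user[email]", "user@example.com" }, // placeholder; the address was obscured on the page
              { "user[password]", "password" },
              { "user[remember_me]", "1" },
              { "commit", "" },
          });
          // The handler's cookie container picks up the session cookie from the response.
          await httpClient.PostAsync("http://www.memverse.com/users/sign_in", content).ConfigureAwait(false);
          return handler.CookieContainer;
      }
  }
  ```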
- Need API for registering new user - preferably without needing email authentication (ALV: can we stick with email authentication for now? It's the only way we've been able to maintain our email reputation ... I will look into a way to not email mobile-only users if we need that) (KKH: this is lower priority, just one extra button for a user to click when signing up)
- Need API for associating existing account with Windows Live SSO
- Need to enable more than just the index/show actions for core controllers (users, memverses, etc.) (ALV: I'll start working for now on creating & updating memverses)
- Scalability: Need API for viewing changed server data from last sync time. Otherwise a user with 1000s of verses needs to retrieve all of them each time the app is started. (ALV: Yikes!)
- Need client app with id of 07346b9a9cb572035f3d42fb2c734ba16400fd867634008ec5c4db98a0f8993b to be preauthorized without requiring extra user confirmation step (ALV: I'm not too sure how to do this. Is this to enable an admin client app?) (KKH: see https://github.com/applicake/doorkeeper/commit/0dda6d2325322aade7560ecb8419df4f319873df, might not be needed in the latest version of doorkeeper. Otherwise, just doing a return true should be ok here. This authorizes the mobile app to use the oauth access_token to read/update that user's memverses.)
  ```ruby
  # Under some circumstances you might want to have applications auto-approved,
  # so that the user skips the authorization step.
  # For example if dealing with a trusted application.
  # skip_authorization do |resource_owner, client|
  #   client.superapp? or resource_owner.admin?
  # end
  ```