P4OAuth API

The P4OAuth API provides a few different workflows. The exact calls you'll make varies generally with each workflow. You'll typically need to worry about the "fetch p4 token" workflow, and one of the grant workflows.

You'll have to implement a redirect handler, however, that can retrieve authorization and p4d tokens, and generally know "what to do" with them.

Fetch P4 Token

Outside of the grant workflows is a basic "get me my p4d token for this whitelist" given a particular access token.

Send a GET request to the URL:

https://p4oauth.perforce.com/p4token?redirect_uri=[WHITELISTED URL]&client_id=[LOGIN]

Required header:

Authorization: Bearer A129380-123124-2312314

Required parameters:

Optional parameter:

This will return the P4D token via text.

Password Authorization Grant

This grant is probably valid for P4OAuth since all of our applications must be put on a whitelist anyway for this thing to work. This allows the client application to collect the login and password, and submits those to the p4oauth server. The code authorization grant has the P4OAuth server collect this information "indirectly".

  1. The user starts at the client application, which collects the username and password

  2. The client application posts this information to the P4OAuth "password grant" URL

  3. The browser is redirected back to the client application with an authorization code

  4. The client application POSTs this authorization code back to the P4OAuth server, and receives the access token (which can be handed off to other apps) and a p4d token usable on that host only.

Password Grant Request

Make a POST request to this URL:

http://p4oauth.example.com/grants/password

Required parameters:

Optional parameters:

Redirect

After login, your client application will be called back with the following information:

[WHITELISTED URL]?code=[AUTH CODE]

If you've added a state option, it will appear as another URL parameter.

Access Token POST

This may change soon to include HTTP basic authentication

Your application should take the AUTH CODE from the redirect, and generate the following POST request to this URL:

https://p4oauth.example.com/grants/token

Required POST parameters:

The post will return a JSON response:

{
    "token_type": "bearer",
    "access_token": "A129380-123124-2312314",
    "perforce_token": "12983918247912875AH"
}

Code Authorization Grant

The code authorization grant is intended for general web applications. The workflow involves a few redirects:

  1. The user starts at the client application, or "resource owner"

  2. The user is redirected to the P4OAuth server

    • The P4OAuth server will likely present a login page for the user to sign in with their Perforce credentials
  3. The user is redirected back to the client application

    • At this point, the client application has received an "authorization code" that must be submitted back to the P4OAuth server
    • When the client application posts the authorization code back, it receives the access token, and, a P4 token for the registered client application host

The access token is really all that the client application should maintain for the user. The client application can pass that access token around to other services using the bearer authorization header. Each other service will then use that token to retrieve the p4d token that has been provided for that host.

Authorization Start Request

Make a GET request to the authorization start URI:

https://p4oauth.example.com/grants/authorization_code?response_type=code&client_id=[LOGIN]&redirect_uri=[WHITELISTED URL]

Required options:

It's recommended that clients add a state parameter to ensure that redirects back to the handler are double-checked.

Redirect

After login, your client application will be called back with the following information:

[WHITELISTED URL]?code=[AUTH CODE]

If you've added a state option, it will appear as another URL parameter.

Access Token POST

This may change soon to include HTTP basic authentication

Your application should take the AUTH CODE from the redirect, and generate the following POST request to this URL:

https://p4oauth.example.com/grants/token

Required POST parameters:

The post will return a JSON response:

{
    "token_type": "bearer",
    "access_token": "A129380-123124-2312314",
    "perforce_token": "12983918247912875AH"
}