OAuth

PeeringDB now offers OAuth2 authentication for third-party applications to allow users to authenticate against PeeringDB.

Implementation details are at Github #131. For an example, see IXP-Manager issue #322.

What is OAuth?

There is a good write up at https://aaronparecki.com/oauth-2-simplified/.

Register an application

First you need to register your application at PeeringDB.

For most applications, you'll want to use the following:

Client type: Confidential
Authorization grant type: Authorization code
Redirect uris: add your redirect URLs here
An OIDC algorithm must be selected.

URLs

PDB_ENDPOINT = "https://auth.peeringdb.com/"

PDB_OAUTH_ACCESS_TOKEN_URL = '{}oauth2/token/'.format(PDB_ENDPOINT)
PDB_OAUTH_AUTHORIZE_URL = '{}oauth2/authorize/'.format(PDB_ENDPOINT)
PDB_OAUTH_PROFILE_URL = '{}profile/v1'.format(PDB_ENDPOINT)

Fields

The fields are based largely on OpenID Connect.

Scopes currently are defined as

profile : user profile
email : adds fields email and verified_email
networks : add field networks

The perms field is a bitmask for CRUD as the 4 least significant bits. See following:

0b0000 1 1 1 1
       | | | +-- Delete
       | | +---- Update
       | +------ Read
       + ------- Create

Example for my user:

{
  "id": 3,
  "name": "Matt Griswold",
  "given_name": "Matt",
  "family_name": "Griswold",
  "email": "grizz@20c.com",
  "verified_user": true,
  "verified_email": true,
  "networks": [
    {
      "perms": 15,
      "asn": 63311,
      "name": "20C",
      "id": 20
    }, 
    {
      "perms": 15,
      "asn": 33713,
      "name": "United IX",
      "id": 7889
    }
  ]
}

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search