MiniFinder team has created more secure way of authorization similar to oAuth. Old authorization way (core/login) was valid till 01 Oct 2015. All clients who implemented own login forms or demo-access links should change them to meet new authorization way.
For now two forms exist: extended and simplified.
Extended form
Form is generally useful for mobile and other apps.
http://{host}/login.html
http://{host}/login.html?client_id=...&access_type=...&activation_time=...&duration=...&lang=...&flags=...&user=...&redirect_uri=...&response_type=...&css_url=...
All parameters are optional
| Name | Description | On default |
|---|---|---|
| client_id | app/site/client name for whom to generate token | site name (title) |
| access_type | token flags | 0x100 |
| activation_time | token activation time (UTC time in seconds: 0 – now) |
0 |
| duration | token duration (in seconds) | 2592000 (30 days in seconds) |
| lang | language (en, ru, …); | |
| flags | flags: 0x1 – return user name in response | 0 |
| user | user name (will be in login field) |
|
| redirect_uri | URL to redirect and forward authorization results | login.html itself |
| response_type | response will be contain token (token) or AuthHash (hash) | token |
| css_url | URL to CSS-file with specified styles for login_simple.html |
After successful authorization redirect to redirect_uri occurs and next GET-parameters transferred:
-
- access_token — 72-symbol token which ma ybe used for authorization in future;
- user_name — authorized user name (if 0x1 flag was stated before token generation).
In case of authorization error redirect occurs to the login form itself, specified error is shown and next GET-parameters transferred:
- svc_error — error code;
- client_id;
- access_type;
- activation_time;
- duration;
- flags.
After getting 72-symbol token you may use it in your authorization apps:
svc=token/login¶ms={"token":"<access_token>","operateAs":"<optional_sub_user>"}
Simplified form
Form is made for simple embedding into sites via iframe to further quick jump to one or more monitoring sites after authorization On default link to monitoring site will be created. Also you may add links to other sites (using cms_url, lite_url, mobile_url, demo_url).
http://{host}/login_simple.html
http://{host}/login_simple.html?lang=...&cms_url=...&cms_title=...&lite_url=...&mobile_url=...&demo_title=...&demo_url=...&title=...&css_url=...
All parameters are optional
| Name | Description |
|---|---|
| lang | language (en, ru, …) |
| cms_url | URL to CMS Manager site if stated – will be added to quick jump sites list |
| cms_title | link title for CMS Manager |
| lite_url | URL to MiniFinder GO Lite site (for example http://lite.example.com) |
| lite_title | link title for MiniFinder GO Lite |
| mobile_url | URL to MiniFinder GO Mobile site (for example http://m.example.com) |
| mobile_title | link title for MiniFinder GO Mobile |
| title | link title for Monitoring site |
| demo_url | URL for demo-access (for example http://go.minifinder.com/?token=<token>) |
| demo_title | link title for demo-access |
| css_url | URL to CSS-file with specified styles for login_simple.html |