Versions Compared

Old Version 15

changes.mady.by.user Sam Heijens

Saved on

compared with

New Version Current

changes.mady.by.user Jonas Bras

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Info

Login using OAuth2.0 is available since MediaHaven version 18.4. It is the preferred way of authenticating for new integrations.

...

2. Obtaining a token

Client Credentials Grant a.k.a. interactive flow.

Info

If your app offers a UI, you are required to use this flow

...

The user will be greeted by a MediaHaven login screen where he can login with one of the configured login options. Once logged in, the user will need to grant your app access to his account.

...

Image Added

Info

In 18.4 only default MediaHaven credentials are supported. Starting from version 19.1, if SAML login is configured, it will also be available here.

Tip

It is possible to automatically redirect to an external auth provider (as a means to set-up SSO) by using the autologin=<name-of-login-service> query parameter:
https://integration.mediahaven.com/auth?client_id=882rgLgNTSqwBSnUUbC3qRiUfMGhorzZ&autologin=mediahaven
Contact MediaHaven support if unsure on what value to use.

Tip

By default the authorization portal will auto-sense the language used by the end-user. Supported languages are nl, fr and en. It is possible to override this auto-sensing by adding the lang=<lang-code> query parameter:
https://integration.mediahaven.com/auth?client_id=882rgLgNTSqwBSnUUbC3qRiUfMGhorzZ&lang=nl

If the user clicks the "Authorize" option he will be redirected back to your initially registered Redirect-URL, with the Authorization code as query parameter:

...

Below is an example of the request with cURL. 

Code Block
curl -X POST https://integration.mediahaven.com/auth/ropc.php \
    --data "username=username" \
    --data "password=usernamespassword" \
    --data "client_id=882rgLgNTSqwBSnUUbC3qRiUfMGhorzZ" \
    --data "client_secret=KwfoaaXUDc6xdQKxBwxvxK55D4wZQ757"

If all goes well, you'll receive a  status 200 with the following JSON:

Code Block
{
    "refresh_token":"1INOoUzpcFNa2diTVDGg86696mvJkUdZ",
    "token_type":"bearer",
    "access_token":"WySMF6lvPBsuV4X2tImsXe14zjzb1GEC",
    "expires_in":7200
}
Warning

It's also possible a statuscode != 200 is returned. You must take appropriate action.

...

Code Block
curl -X GET https://integration.mediahaven.com/mediahaven-rest-api/resourcesv2/mediarecords -H "Authorization: bearer WySMF6lvPBsuV4X2tImsXe14zjzb1GEC"

...

If the response returns a 401 Unauthorized, that means that the refresh_token has expired or your App permissions have been revoked. You would then start the flow back from the beginning.

5. Supported combinations

Note

When logging in multiple times, it must always be done with the same method as the first time otherwise you will get unauthorized when on the next attempt with a different method. If you wish to switch to a different method the user must be deleted first in MediaHaven.

Flow / Method

SAML
External
Authentication

Active Directory
External Authentication

MediaHaven
Internal
Authentication

https://mediahaven.atlassian.net/wiki/spaces/CS/pages/872251552/OAuth2.0#Client-Credentials-Grant-a.k.a.-interactive-flow.

(tick)

(tick)
(if MediaHaven authentication is allowed in the OAuth portal)

(tick)
(if MediaHaven authentication is allowed in the OAuth portal)

https://mediahaven.atlassian.net/wiki/spaces/CS/pages/872251552/OAuth2.0#Resource-Owner-Password-Credentials

(error)

(tick)

(tick)