The purpose of having OAuth details on an SSS feed is to allow the feed to contain exclusive content.
The technical problem OAuth helps us solve is that creators upload their content to a Hosting Provider (eg: Taddy Ink), but consumers use a different app (eg: Inkverse) to view content. Therefore, if a creator wants to have exclusive content that is only available to their Patreon backers, how do Taddy and Inkverse work together to verify that only paid users can access exclusive content? We use an OAuth workflow to do so.
Taddy Ink (Hosting Provider) and Inkverse (Client App) are used as examples but can be replaced with any alternative conforming to the SSS open specification.
Our OAuth workflow can be summarized as OAuth with one additional step. That one additional step is to make one more request to get a content token. The content token gives you access to content for a specific comic.
<aside> 💡 Follow along with this example:
Our Test comic, Larry’s Lullaby, is free to read. However, to access the latest 3 episodes of the comic you have to be a Patreon backer of Daniel Mathews ($1 tier, but there is a 7 day free trial). Follow the steps below to be able to view the latest 3 episodes:
?token=contentToken. Paid episodes will have the scopesForExclusiveContent:["patreon"] property.

```js
oauth: {
  signupUrl: 'https://taddy.org/developers/signup',
  authorizeUrl: 'https://taddy.org/fans/authorize',
  tokenUrl: 'https://taddy.org/auth/oauth2/token',
  newAccessTokenUrl: 'https://taddy.org/auth/oauth2/new_access_token',
  newRefreshTokenUrl: 'https://taddy.org/auth/oauth2/new_refresh_token',
  newContentTokenUrl: 'https://taddy.org/auth/oauth2/new_content_token',
  instructionsUrl: 'https://taddy.org/developers/instructions',
  publicKey: '-----BEGIN PUBLIC KEY-----XYZ-----END PUBLIC KEY-----'
},
```
Important notes for the Example above:
Endpoints needed for the OAuth workflow
Property | Type | Description |
---|---|---|
signupUrl | String | The url to sign up for a client_id and client_secret |
authorizeUrl | String | The 1st step in OAuth. The url to get an authorization code. |
tokenUrl | String | The 2nd step in OAuth. The url to exchange an authorization code for an access token and a refresh token. |
newAccessTokenUrl | String | Once you have a refresh token, you can exchange it for a new access token |
newRefreshTokenUrl | String | Once you have a refresh token, you can exchange it for a new refresh token |
newContentTokenUrl | String | Once you have an access token, you can exchange it for a new content token |
instructionsUrl | String | Additional instructions from the Hosting provider. |
publicKey | String | Public Key from the hosting provider you can use to verify that all tokens are from them. |
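
A client app reads these values from a feed it does not control, so it can check them before sending a user, a client_secret or a token to any of the URLs. The following is an added example, not part of the SSS specification or of Taddy's code: the https requirement, the origin pinning and the `expectedOrigin` parameter are assumptions of this example, and the publicKey check is structural only.

```javascript
// Keys come from the property table above; the checks are this example's policy.
const URL_KEYS = ['signupUrl', 'authorizeUrl', 'tokenUrl', 'newAccessTokenUrl',
  'newRefreshTokenUrl', 'newContentTokenUrl', 'instructionsUrl'];
// Endpoints that receive the end user, the client_secret or tokens.
const PINNED_KEYS = new Set(['authorizeUrl', 'tokenUrl', 'newAccessTokenUrl',
  'newRefreshTokenUrl', 'newContentTokenUrl']);
const PEM_RE = /^-----BEGIN PUBLIC KEY-----\s*[A-Za-z0-9+/=\s]+-----END PUBLIC KEY-----\s*$/;

// Returns a list of problems; an empty list means the block passed.
// expectedOrigin (hypothetical parameter): the origin where this client
// registered its client_id and callback_url.
function validateOauthDetails(oauth, expectedOrigin) {
  if (!oauth || typeof oauth !== 'object') return ['oauth block missing'];
  const problems = [];
  for (const key of URL_KEYS) {
    let url;
    try {
      url = new URL(oauth[key]);
    } catch {
      problems.push(`${key}: not an absolute URL`);
      continue;
    }
    if (url.protocol !== 'https:') problems.push(`${key}: must use https`);
    if (url.username || url.password) problems.push(`${key}: embedded credentials`);
    if (PINNED_KEYS.has(key) && url.origin !== expectedOrigin) {
      problems.push(`${key}: origin ${url.origin} is not ${expectedOrigin}`);
    }
  }
  if (typeof oauth.publicKey !== 'string' || !PEM_RE.test(oauth.publicKey)) {
    problems.push('publicKey: not a PEM "PUBLIC KEY" block');
  }
  return problems;
}

// Constructed sample: the page's example block, then a tampered copy of it.
const sample = {
  signupUrl: 'https://taddy.org/developers/signup',
  authorizeUrl: 'https://taddy.org/fans/authorize',
  tokenUrl: 'https://taddy.org/auth/oauth2/token',
  newAccessTokenUrl: 'https://taddy.org/auth/oauth2/new_access_token',
  newRefreshTokenUrl: 'https://taddy.org/auth/oauth2/new_refresh_token',
  newContentTokenUrl: 'https://taddy.org/auth/oauth2/new_content_token',
  instructionsUrl: 'https://taddy.org/developers/instructions',
  publicKey: '-----BEGIN PUBLIC KEY-----XYZ-----END PUBLIC KEY-----',
};
const tampered = { ...sample,
  tokenUrl: 'https://taddy.org.example.net/auth/oauth2/token',
  newContentTokenUrl: 'http://taddy.org/auth/oauth2/new_content_token' };
```

Calling `validateOauthDetails(tampered, 'https://taddy.org')` reports the look-alike token host and the downgraded content-token endpoint, while the untouched sample returns an empty list.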
The URL to sign up and get a client_id and client_secret and register your callback_url. See instructionsUrl if you need more instructions.
The 1st step in OAuth. Send the end user to this URL address to verify they have paid for exclusive content.
Example of what an authorizeUrl looks like (eg: Taddy Ink)
Append these URL parameters to the authorizeUrl: