This sample Android Application demonstrates how to authenticate an OCLC user to obtain an access token.
A use case would be to allow a library patron to view their checked out items, place holds or renew materials on an Android phone or tablet.
A tutorial explaining this application's code in detail is available here.
$ git clone https://github.com/OCLC-Developer-Network/oclc-auth-android.git
Open the library using Eclipse.
Set the authentication parameters in the authentication.xml file.
<resources>
<string name="authenticatingServerBaseUrl">https://authn.sd00.worldcat.org/oauth2</string>
<string name="wskey"></string>
<string name="authenticatingInstitutionId"></string>
<string name="contextInstitutionId"></string>
<string name="redirectUrl"></string>
<string name="scopes"></string>
<string name="responseType">token</string>
</resources>
To request or manage web service keys, use OCLC Service Configuration.
To learn more about authentication and access tokens, see this article on Mobile Flow from the OCLC Developer Network.
https://authn.sd00.worldcat.org/oauth2/authorizeCode? client_id={a valid wskey} &authenticatingInstitutionId=128807 &contextInstitutionId=128807 &redirect_uri=oclcApp%3A%2F%2Fuser_agent_flow &response_type=token &scope=WMS_NCIP
{ "access_token" = "tk_U13DrzOHW8eep3jvwIpNX2rDcfuhvetNbrFm"; "context_institution_id" = 128807; "expires_at" = "2014-01-05%2011:57:26Z"; "expires_in" = 1199; principalID = "{your principalID}"; principalIDNS = "{your principalIDNS}"; "token_type" = bearer; }
Currently a refresh token can only get an authentication token by making an HMAC request. However, you cannot make an HMAC request from a mobile device because that would require storing the key and the secret in the device, which is unsafe and insecure. So for now, it is not recommended to use refresh tokens for mobile devices to access OCLC services.
https://authn.sd00.worldcat.org/oauth2/authorizeCode? client_id={a valid wskey} &authenticatingInstitutionId=128807 &contextInstitutionId=128807 &redirect_uri=oclcApp%3A%2F%2Fuser_agent_flow &response_type=token &scope=WMS_NCIP%20refresh_token
{ "access_token" = "tk_nd4GoLXjFcAabig2AJzOMpzhPkI2LFZtbLD6"; "context_institution_id" = 128807; "expires_at" = "2014-01-05%2012:07:09Z"; "expires_in" = 1199; principalID = "{your principalID}"; principalIDNS = "{your principalIDNS}"; "refresh_token" = "rt_nucaPASHXXZ3L2F6vNYucr2xudlKfnc8v8si"; "refresh_token_expires_at" = "2014-01-12%2011:47:09Z"; "refresh_token_expires_in" = 604799; "token_type" = bearer; }