{"_id":"546b922862515a14007ebc4f","category":{"_id":"545137a814af501a00b50cfd","project":"545137a814af501a00b50cf9","version":"545137a814af501a00b50cfc","pages":["545137a814af501a00b50cff","5451389e14af501a00b50d11","5451384514af501a00b50d04","546b8edb62515a14007ebc39","546b9214b47b5d1400109efa","546b922862515a14007ebc4f","546b9234b47b5d1400109efc","546b924762515a14007ebc51","546b925662515a14007ebc53","546fdac1691dc8080089521d","547374bd007eb108007e0380"],"__v":11,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-10-29T18:53:28.598Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"project":"545137a814af501a00b50cf9","version":{"_id":"545137a814af501a00b50cfc","project":"545137a814af501a00b50cf9","__v":11,"createdAt":"2014-10-29T18:53:28.525Z","releaseDate":"2014-10-29T18:53:28.525Z","categories":["545137a814af501a00b50cfd","545138eaa66f020800dbab4a","546b9072b47b5d1400109edf","546b9082b47b5d1400109ee0","546b9088b47b5d1400109ee1","546b909462515a14007ebc43","546b90a0b47b5d1400109ee2","546ced235884600e007a92f6","5481008eea7fd40b00cd7c2b","573b9d83ee2b3b220042291f","57be1efa15efc70e006a5f99"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"githubsync":"","parentDoc":null,"user":"5433099f9a2b451a00ad4531","__v":20,"updates":["54ee01d28dafa7250027e65e","55cce35ea15ad619004af25d"],"next":{"pages":[],"description":""},"createdAt":"2014-11-18T18:38:32.991Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"basic_auth":false,"results":{"codes":[]},"settings":"","try":true,"auth":"never","params":[],"url":""},"isReference":false,"order":2,"body":"**Implement Authentication**\n\nThe next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data. This is the three-part server-side OAuth 2 process and tutorial:\n\n**A. User Authentication** \nA “Sign in with Yammer” button on your app’s login page will initiate user authentication. When the user clicks the button, it redirects them to Yammer’s OAuth 2 dialog at: \n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"https://www.yammer.com/oauth2/authorize?client_id=[:client_id]&response_type=code&redirect_uri=[:redirect_uri]\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n`client_id` and `redirect_uri` are available in the app that you registered. The `redirect_uri` should match the Redirect URI entered in the app registration page.\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"REGISTERED REDIRECT URI\",\n    \"h-1\": \"REDIRECT_URI PARAMETER PASSED TO AUTHORIZE\",\n    \"h-2\": \"VALID?\",\n    \"0-2\": \"YES\",\n    \"1-2\": \"YES\",\n    \"2-2\": \"YES\",\n    \"3-2\": \"YES\",\n    \"4-2\": \"NO\",\n    \"5-2\": \"YES\",\n    \"6-2\": \"NO\",\n    \"0-0\": \"http://yourcallback.com/\",\n    \"1-0\": \"http://yourcallback.com/\",\n    \"2-0\": \"http://yourcallback.com/?this=that\",\n    \"3-0\": \"http://yourcallback.com/?this=that\",\n    \"4-0\": \"http://yourcallback.com/callback\",\n    \"5-0\": \"http://yourcallback.com/callback\",\n    \"6-0\": \"http://yourcallback.com/\",\n    \"0-1\": \"http://yourcallback.com/\",\n    \"1-1\": \"http://yourcallback.com/?this=that\",\n    \"2-1\": \"http://yourcallback.com/\",\n    \"3-1\": \"http://yourcallback.com/?this=that&another=true\",\n    \"4-1\": \"http://yourcallback.com/\",\n    \"5-1\": \"http://yourcallback.com/callback?type=mobile\",\n    \"6-1\": \"http://yourcallback.com/callback\"\n  },\n  \"cols\": 3,\n  \"rows\": 7\n}\n[/block]\nAlso, make sure to specify the `response_type`, which, in this case is code.\n\n**B. App Authorization**\n\nOnce Yammer has successfully authenticated the user, the OAuth 2 dialog will prompt them to authorize the app. If the user clicks “Allow”, your app will be authorized. The OAuth 2 dialog will redirect the user’s browser via HTTP 302 to the `redirect_uri` with an authorization code: http://[:redirect_uri]?code=[:code]\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/5VsRWE4pSzOayENGZGnA_6-OAuth2-1.png\",\n        \"6-OAuth2-1.png\",\n        \"790\",\n        \"467\",\n        \"#206495\",\n        \"\"\n      ],\n      \"caption\": \"OAuth 2 User prompt box\"\n    }\n  ]\n}\n[/block]\n**C. App Authentication**\n\nSubmit a GET request on the OAuth Token Endpoint, passing in the authorization code you received above, plus your app secret. The endpoint is: https://www.yammer.com/oauth2/access_token.json?client_id=[:client_id]&client_secret=[:client_secret]&code=[:code] Yammer will return an access token object as part of the response, which includes user profile information. From this object, parse out and store the “token” property. This token will be used to make subsequent API calls to Yammer and will not expire.\n\nSample Code - Here is sample code, using Rails, to help you get started on authentication. We’ll use OmniAuth, a library that makes it easy to implement authentication to Yammer (https://github.com/intridea/omniauth), and the OmniAuth Yammer gem containing the Yammer strategy for OmniAuth 1.0 (https://github.com/le0pard/omniauth-yammer).\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"1) Add the following to your Gemfile:\\n   gem 'omniauth', '~> 1.0'\\n   gem 'omniauth-yammer'\\n   \\n2) Run\\n   bundle install\\n   \\n3) Add the OmniAuth middleware to your Rails app by updating config/initializers/omniauth.rb to include:\\n   Rails.application.config.middleware.use OmniAuth::Builder do\\n   provider :yammer, 'Client Id', 'Client Secret'\\n   end\\n   \\n4) Make sure you set the URL in the “Redirect URI” field of your app settings to:\\nhttp://yourappurl/auth/yammer/callback\\n\\n5) Setup your application to handle the callback URL. Typically you would retrieve the OAuth access token and create   a new user session\\n\\n   - Create a new sessions controller with the create action:\\n     rails generate controller sessions create\\n\\n   - Add the following to your routes.rb file:\\n     match '/auth/yammer/callback', :to => 'sessions#create'\\n\\n   - In your sessions_controller.rb file define the create method:\\n     def create\\n     auth = request.env['omniauth.auth']\\n     render :text => auth[:credentials][:token]\\n     end\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]","excerpt":"","slug":"authentication-1","type":"basic","title":"Step 2: Authentication"}

Step 2: Authentication


**Implement Authentication** The next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data. This is the three-part server-side OAuth 2 process and tutorial: **A. User Authentication** A “Sign in with Yammer” button on your app’s login page will initiate user authentication. When the user clicks the button, it redirects them to Yammer’s OAuth 2 dialog at: [block:code] { "codes": [ { "code": "https://www.yammer.com/oauth2/authorize?client_id=[:client_id]&response_type=code&redirect_uri=[:redirect_uri]", "language": "text" } ] } [/block] `client_id` and `redirect_uri` are available in the app that you registered. The `redirect_uri` should match the Redirect URI entered in the app registration page. [block:parameters] { "data": { "h-0": "REGISTERED REDIRECT URI", "h-1": "REDIRECT_URI PARAMETER PASSED TO AUTHORIZE", "h-2": "VALID?", "0-2": "YES", "1-2": "YES", "2-2": "YES", "3-2": "YES", "4-2": "NO", "5-2": "YES", "6-2": "NO", "0-0": "http://yourcallback.com/", "1-0": "http://yourcallback.com/", "2-0": "http://yourcallback.com/?this=that", "3-0": "http://yourcallback.com/?this=that", "4-0": "http://yourcallback.com/callback", "5-0": "http://yourcallback.com/callback", "6-0": "http://yourcallback.com/", "0-1": "http://yourcallback.com/", "1-1": "http://yourcallback.com/?this=that", "2-1": "http://yourcallback.com/", "3-1": "http://yourcallback.com/?this=that&another=true", "4-1": "http://yourcallback.com/", "5-1": "http://yourcallback.com/callback?type=mobile", "6-1": "http://yourcallback.com/callback" }, "cols": 3, "rows": 7 } [/block] Also, make sure to specify the `response_type`, which, in this case is code. **B. App Authorization** Once Yammer has successfully authenticated the user, the OAuth 2 dialog will prompt them to authorize the app. If the user clicks “Allow”, your app will be authorized. The OAuth 2 dialog will redirect the user’s browser via HTTP 302 to the `redirect_uri` with an authorization code: http://[:redirect_uri]?code=[:code] [block:image] { "images": [ { "image": [ "https://files.readme.io/5VsRWE4pSzOayENGZGnA_6-OAuth2-1.png", "6-OAuth2-1.png", "790", "467", "#206495", "" ], "caption": "OAuth 2 User prompt box" } ] } [/block] **C. App Authentication** Submit a GET request on the OAuth Token Endpoint, passing in the authorization code you received above, plus your app secret. The endpoint is: https://www.yammer.com/oauth2/access_token.json?client_id=[:client_id]&client_secret=[:client_secret]&code=[:code] Yammer will return an access token object as part of the response, which includes user profile information. From this object, parse out and store the “token” property. This token will be used to make subsequent API calls to Yammer and will not expire. Sample Code - Here is sample code, using Rails, to help you get started on authentication. We’ll use OmniAuth, a library that makes it easy to implement authentication to Yammer (https://github.com/intridea/omniauth), and the OmniAuth Yammer gem containing the Yammer strategy for OmniAuth 1.0 (https://github.com/le0pard/omniauth-yammer). [block:code] { "codes": [ { "code": "1) Add the following to your Gemfile:\n gem 'omniauth', '~> 1.0'\n gem 'omniauth-yammer'\n \n2) Run\n bundle install\n \n3) Add the OmniAuth middleware to your Rails app by updating config/initializers/omniauth.rb to include:\n Rails.application.config.middleware.use OmniAuth::Builder do\n provider :yammer, 'Client Id', 'Client Secret'\n end\n \n4) Make sure you set the URL in the “Redirect URI” field of your app settings to:\nhttp://yourappurl/auth/yammer/callback\n\n5) Setup your application to handle the callback URL. Typically you would retrieve the OAuth access token and create a new user session\n\n - Create a new sessions controller with the create action:\n rails generate controller sessions create\n\n - Add the following to your routes.rb file:\n match '/auth/yammer/callback', :to => 'sessions#create'\n\n - In your sessions_controller.rb file define the create method:\n def create\n auth = request.env['omniauth.auth']\n render :text => auth[:credentials][:token]\n end", "language": "text" } ] } [/block]