Ever wondered how "Sign In with Facebook" Works? - OAuth Take 1

I am sure by now, you like me would have given up remembering 1001 username and passwords for each different site that you visit and would be simply benefiting from using your "Social Identity" while registering / signing in to your favourite news, music or online shopping site. 

This trick/technique of sign in with social identity has become extremely popular because it is beneficial for all the three parties involved in the picture. Let's see how and maybe these benefits will also encourage you to use social identity if not already!

1. For You, The King - Multiple advantages. Firstly, it saves your time registering for a new account on a website specially those which you might use rarely. Secondly, it also saves you from remembering the passwords of those sites you will visit regularly. Thirdly, if you are already signed-in to your social identity provider, signing in into other sites becomes a single click approach. Finally, in some cases, it provides a simple mechanism for you to import your photos (from say Facebook) into a photo manipulation service or also share your Quora post among friends on Facebook

2. For your favourite news site - They don't have to implement a complex registeration/sign-in mechanism of their own and can benefit from the fact that you usually would already have an account with at-least one of the popular social identity providers. Also, some of them sneak in other benefits and ask you to provide additional permissions to view all your friends so that they can reach out to them and to the extreme level, post on your behalf on your timeline or twitter feed. In some cases as I talked above, this can also be mutually beneficial to you to import your comment or share your post on another site but you need to be very careful before allowing any such additional access

3. For the social identity provider - Putting in a phrase - it's making them popular among more people and their presence in more places so that they can make more money through ads :-)

Of course, since all the top companies out there are using this approach, it better be secure. Sure it is. This social identity login is based on a sophisticated Authorization Framework called OAuth2.  The introduction of the OAuth spec reads

   The OAuth 2.0 authorization framework enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and the HTTP service, or by allowing the
   third-party application to obtain access on its own behalf

Ok, I know many of us will stop after reading the intro of the spec, but wait lets simplify this - focus on the three red words above - third-party application, HTTP service and the resource owner.

The third party application here is your favourite news site - it is the third party both with respect to you and Facebook whose login you will use. The HTTP service is Facebook or any other social identity provider - it is a web service in itself. You, The King is the resource owner - you are called so since you are the one who is trying to sign in and  after which whose resources i.e information be as little as your name/email (notice the word limited access) or as much as your complete profile and photos (still limited if you really think what all Facebook knows of you) will be shared

Now, the above intro basically becomes (ignore the approval part for now)

   OAuth is a authorization technique which enables a news site (third-party
   application) to obtain limited access to Facebook (HTTP service), on
   behalf of You (resource owner). This access allows the news site 

   to do different things based on how limited access it has - be it from 
   fetching your name/email from Facebook to register/sign in into itself or

   posting the comment you added on a news article to your Facebook timeline

Sounds interesting? We'll cover how this is achieved in our next post!

The all new and powerful Adobe eSign REST API v5

We have been pretty busy with making updates to our Adobe eSign REST APIs and am really happy to announce that with the REST API v5, we are almost there. 

As you can also notice, we have also introduced multiple functionality and features which are REST API only like "Try It" functionality, integrated "OAuth Support", custom workflows and pagination in events end-points. 

Here is a complete mapping from our SOAP to REST APIs

SOAP API	REST end-point	Comments
Base URIs API calls starting v5 of REST API must be made on a specific base URL obtained either from the api_access_point returned from OAuth workflow or making a call to the GET /base_uris endpoint Transient Document - REST allows documents to be used for creating agreements, widgets and library documents to be uploaded separately and return ids to be used in respective creation calls
getBaseUris	/base_uris, GET
Document Methods
-NA-	/transientDocuments, POST	Uploads a document and return an id valid for 7 days
sendDocument	/agreements, POST	SenderInfo is represented through x-api-user. Files are specified through /transientDocuments above
sendDocumentInteractive	/agreements, POST	InteractiveOptions can be optionally specified for the Interactive behavior
sendDocumentMegaSign	/megaSigns, POST	MegaSign allows sending the same agreement to multiple recipients and creating a separate instance of agreement for each recipient
createLibraryDocument	/libraryDocuments, POST
createLibraryDocumentInteractive	/libraryDocuments, POST	InteractiveOptions can be optionally specified for the Interactive behavior
sendReminder	/reminders, POST
removeDocument	/agreements/{agrId},  DELETE	Deletes the agreement and removes it from Manage Page
cancelDocument	/agreements/{agrId}/status, PUT	Cancel - Called by sender
rejectDocument	/agreements/{agrId}/status, PUT	Reject - Called by current signer
replaceSigner	- Coming Soon-	Replace - Called by sender. Both the original signer and new one can sign
delegateSigning	- Coming Soon-	Delegate - Called by signer. Both the delegator and delegatee can sign
notifyDocumentVaulted	-NAY-
Status Methods
In SOAP API, getDocumentInfo, getDocuments, getAuditTrail etc work on documentKeys which can be an agreement, widget or library document ids. REST API demarcates these as separate resources (cleaner design and strongly typed) and hence based on the kind of resource you are working on, there is a corresponding /libraryDocuments,  /widgets to these .Eg, /widgets/{widgetId}, GET will getDocumentInfo for widgetId. Similarly for the documents, audit trail etc
getDocumentInfo	/agreements/{agrId}, GET
getDocumentInfosByExternalId	/agreements, GET query = externalId	externalId can be used to map your internal Ids to eSign Ids
getDocuments	/agreements/{agrId}/documents, GET	REST returns a list of document ids that can be provided to the following end-point to get document stream
-NA-	/agreements/{agrId}/documents/{docId}, GET	Returns the raw stream of the file. More efficient/compact than base64
-NA-	/agreements/{agrId}/ combinedDocument, GET	Returns raw stream of combined agreement. Can also request to attach audit trail/supporting docs
getDocumentUrls	/agreements/{agrId}/combinedDocument/ url, GET /agreements/{agrId}/documents/{docId}/ url, GET	Retrieve the URL of the combined document Retrieve the URL of an individual document
getDocumentImageUrls	/agreements/{agrId}/documents/imageUrls, GET /agreements/{agrId}/documents/{docId}/ imageUrls, GET	Retrieve the image URLs of all the visible pages of an agreement Retrieve image URLs of all the visible pages of an agreementÕs document
getSupportingDocuments	/agreements/{agrId}/documents, GET	Can also specify content format
getFormData	/agreements/{agrId}/formData, GET	Returns CSV file stream
getAuditTrail	/agreements/{agrId}/auditTrail, GET
getSigningUrl	/agreements/{agrId}/signingUrls, GET
User Methods
verifyUser	-NA-
searchUserDocuments	/agreements, GET	Provide search string in 'query' parameter
-NA-	Agreement asset below refers to any asset through which an agreement can be created - library document, widget and agreement itself
getDocumentEventsForUser	/search/agreementAssetEvents, POST	Create search query with date range and event type filters. Get searchId, first page results & next page cursor
-NA-	/search/agreementAssetEvents/ {searchId}, GET	Use searchId and pageCursor to get paginated results
getEmbeddedView	/views/agreementAssets, GET	Equivalent to specifying EmbeddedViewTarget= AGREEMENT
	/views/agreementAssetList, GET	EmbeddedViewTarget = AGREEMENT_LIST
	/views/settings, GET	EmbeddedViewTarget = USER_PROFILE/ACCOUNT_SETTINGS
getMyDocuments	/agreements, GET
getUserDocuments	/agreements, GET	Use x-api-user for specifying the user whose agreements are to be retrieved
getMyLibraryDocuments	/libraryDocuments, GET
getLibraryDocumentsForUser	/libraryDocuments, GET	Use x-api-user for specifying the user whose lib documents are to be retrieved
getMyWidgets	/widgets, GET
getWidgetsForUser	/widgets, GET	Use x-api-user for specifying the user whose widgets are to be retrieved
getMegaSignDocument	/megaSigns/{megaSignId}/agreements, GET	Get all child agreement ids of the parent MegaSign
getUsersInAccount	/users, GET
createGroup	/groups, POST
deleteGroup	/groups/{groupId}, DELETE
renameGroup	/groups/{groupId}, PUT
getGroupsInAccount	/groups, GET
getUsersInGroups	/groups/{groupId}/users, GET
moveUsersToGroup	/users/{userId}, PUT	Specify the new groupId in the request
getUserInfo	/users/{userId}, GET
Widget Methods
REST simplifies the various creation and personalization methods of SOAP into two endpoints
createEmbeddedWidget	/widgets, POST
createPersonalEmbeddedWidget	/widgets, POST /widgets/{widgetId}/personalize, PUT	Create and personalize
personalizeEmbeddedWidget	/widgets/{widgetId}/personalize, PUT
createUrlWidget	/widgets, POST
createPersonalUrlWidget	/widgets, POST /widgets/{widgetId}/personalize, PUT	Create and personalize
personalizeUrlWidget	/widgets/{widgetId}/personalize, PUT
disableWidget	/widgets/{widgetId}/status, PUT	Use status value as DISABLE
enableWidget	/widgets/{widgetId}/status, PUT	Use status value as ENABLE