1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
agl-identity-agent
==================
**agl-identity-agent** is an OpenID Connect Identity service/binding
for AGL (Automotive Grade Linux).
Overview
--------
The binding currently reads its configuration from a file.
Then, it starts a GATT Bluetooth LE "User Data" service.
When the email characteristic is written, the server is queried to
get the data associated with the key (keytoken=...) for the
current vehicle (vin=...). The key is the email value set.
This is the login process.
An event notifying that a user logged is sent to applications.
The configuration file
----------------------
The configuration file is a JSON file residing in one of the
following places:
- ID/config.json
- /etc/agl/identity-agent-config.json
- CWD/config.json
Where ID is the installation directory and CWD is the
current working directory.
The JSON looks like:
```json
{
"endpoint": "https://agl-graphapi.forgerocklabs.org/getuserprofilefromtoken",
"vin": "4T1BF1FK5GU260429",
"autoadvise": true,
"delay": 5,
"idp": {
"authorization_endpoint": "",
"token_endpoint": "https://agl-am.forgerocklabs.org:8043/openam/oauth2/stateless/access_token"
},
"appli": {
"authorization": "Basic c3RhdGVsZXNzOnBhc3N3b3JkMg==",
"username": "bjensen",
"password": "Passw0rd",
"scope": "openid profile email cn sn givenName ou mail postalAddress departmentNumber physicalDeliveryOfficeName facsimileTelephoneNumber"
}
}
```
Where:
- *delay* is the delay where server request is ignored when a previous request
is started since sthis dealy
- *autoadvise* is a boolean indicating whether the binding must start
the service automatically at initialisation
- *vin* is the vehicule identification number
- *endpoint* is the enpoint to be queried for getting user data
- *idp* describes the OAuth2/OpenId Connect IDP (identity provider)
- *appli* describes the data of the application for the IDP
Not setting *idp* or *appli* implies that no token is queried.
Verbs of API
------------
### agl-identity-agent/advise
Starts offering service on BT interface (hci0).
No argument needed.
### agl-identity-agent/unadvise
Stops offering service on BT interface (hci0).
No argument needed.
### agl-identity-agent/subscribe
Subscribes to event notifications.
No argument needed.
### agl-identity-agent/unsubscribe
Unsubscribes from event notifications.
No argument needed.
### agl-identity-agent/login
Not implemented, always fails.
No argument needed.
### agl-identity-agent/logout
Logout from the current identity.
No argument needed.
### agl-identity-agent/get
Returns the data for the current identity.
No argument needed.
Events of API
-------------
The binding sends the event *agl-identity-agent/event*.
This event signals logins and logouts. It has 2
fields: *eventName* and *accountId*.
For login events, the *eventName* is the string *login*
and the *accountId* is the string identifying the account.
Example of login event:
```json
{
"eventName": "login",
"accountId": "farfoll"
}
```
For login events, the *eventName* is the string *logout*
and the *accountId* is the string *null*.
Example of logout event:
```json
{
"eventName": "logout",
"accountId": "null"
}
```
OAuth2 & OpenId Connect integration
-----------------------------------
When the fields 'appli' and 'idp' are set, the agent uses the
related data to query an access token for accessing the account
data using the flow _Resource Owner Password Credentials Grant_.
|
