How to: Authorize (Hardware)
How to: Authorize (Hardware)
How to: Authorize (Hardware)
In this guide, we will learn how to authenticate and authorize a Camera to Cloud (C2C) hardware device on a Frame.io project. We will cover both the traditional pairing method using manual code entry and the new QR code pairing method for an enhanced user experience.
If you haven’t read the Before We Start Implementing guide, give it a quick glance before moving on!
Additionally, you should have received a client_secret from our team that will be used to identify your integration. If you have not received a client_secret, please take a look at this introduction to the C2C ecosystem and reach out to our team.
Before starting with QR code pairing, ensure the following prerequisites are met:
v4.c2c_qr_code_activate) must be enabled in your Frame.io account. This feature flag will allow access to the QR code-based pairing method. Your designated Frame.io point of contact can assist in turning on this feature for the account of your choice.Let’s make sure we have a high-level understanding of the expected user experience for the authorization flow we want to implement. Check out the following resources to see this flow from the user’s point of view:
The hardware authorization flow is designed to lift as many details as possible off the implementer, and therefore the device UI. With this flow, you do not need to worry about:
As the demand for efficiency and ease of use grows, users are increasingly expecting seamless interactions with their devices. The current process for pairing cameras to Frame.io’s C2C service requires several steps, including the manual input of a pairing code. While functional, this process can be streamlined.
By leveraging QR codes—similar to the device pairing experiences seen with streaming services like Netflix or Disney+—we can simplify the process, eliminate errors caused by manual input, and reduce the time it takes to pair a camera.
When connecting to Camera to Cloud, each physical hardware device will need to identify itself uniquely so we can list device connections in a user’s project.
For hardware devices, we call this the client_id of the device, depending on what authorization pattern you choose to use. When setting up your implementation, you should think about how you will do this. You could use a serial number of the hardware device, a UUID, or some uniquely identifying string.
Be careful not to leak personally identifying information. The user’s email, for instance, is not a valid value to use as a client_id.
Likewise, make sure you own the unique identifier. If you are implementing the C2C API as a software device, do not use the device’s MAC address, for instance. The MAC address is not owned by your software and might also be considered personally identifying information.
If you’re not sure what value you would like to use, we can talk through this choice together and make sure a suitable value is chosen that makes integration as easy as possible.
Let’s start implementing. The first thing we need to do is request a device code to give the user for a device. We do that by calling the /v2/auth/device/code endpoint:
To enable QR code-based pairing, a minor change in the API call is required. Specifically, two new headers need to be added to the device code request. This allows devices to link directly to the pairing page and streamline the pairing process.
Note: We are using form data here rather than JSON data. The C2C authentication endpoints only accept form data. Once you are authenticated, other endpoints will accept JSON payloads, but the authentication endpoints will return an error if JSON payloads are sent.
asset_create: Allows the device to create and upload assets.offline: Allows the device to refresh its own authorization using a refresh token. Authorization tokens expire after 8 hours, so without this scope, a user would need to re-authorize their device every 8 hours.In practice, devices will almost always want to request both scopes.
When we make the request, we will get a response similar to the following:
Now that we have the verification_uri_complete, we can generate a QR code from this URL and display it to the user on the device’s screen. This allows the user to simply scan the QR code with their mobile device or camera, streamlining the pairing process.
Insert image or illustration of a camera screen displaying the QR code.
If the user cannot scan the QR code for any reason, you must also display the user_code and verification_uri so they can manually enter the pairing code as a fallback. Alternatively, you may also display the verification_uri as a static QR code for user to scan with their mobile devices.
If your integration is an app on a mobile device, displaying the verification_uri_complete as a hyperlink for users to tap on is a must have to enable ease of connectivity, since the user cannot scan the QR code with the device the app is on.
Once we have handed the pairing code or displayed the QR code to the user, we need to check and see if they’ve entered it. To do so, we can make the following request:
client_id sent in Step 1.device_code returned by /v2/auth/device/code.urn:ietf:params:oauth:grant-type:device_code.The first few times we make this request, we’ll likely get a response like so:
But not to worry! This is not a fatal error. It simply means the user has not yet entered the user code into Frame.io’s UI. All we need to do is keep polling until they have.
If instead, we get an error like so:
That means our code expired before the user could enter it. In such a case, we should generate a new pairing code or QR code using Step 1, display it to the user, and then resume polling.
Eventually, we should get a response like:
If your response payload looks like that: Congratulations! You’ve authorized your first Camera to Cloud device. Take a moment to celebrate!
After you’ve celebrated, let’s take a look at that response payload to make sure we understand it:
access_token expires. After the token’s time is up, it will need to be refreshed, which we will go over in a future tutorial.access_token. It will most commonly be used to refresh our authorization, but it can also be used to revoke it.bearer for the C2C API and is not actionable.Now that we know the calls we need to make, let’s put them together into some Python-like pseudocode. Remember, it’s possible for our device code to expire, so we need to handle that possibility when setting up our logic:
Note: In this pseudocode, we’ve added an outer loop to handle the case where the pairing codes expire, and we need to request new ones.
The last thing we should do is fetch the information about the project we have connected to from Frame.io and display it to the user for an extra layer of confirmation that the device was paired to the intended project. We’ll show that in the next tutorial.
If you find yourself here, then something has gone wrong! What would integrating with a third party be without some sort of error? This section lists a set of common issues and will walk you through the steps most likely to solve them. Take a look through the following list and see if anything matches the issue you’re experiencing.
If you don’t find a solution here, we would love to hear the issue you ran into so we can add it here.
invalid_client is returned when the information you are providing to us about the device does not match anything we have on record. This most likely means that your client_secret is incorrect.bad_request is returned when the request data is malformed in some way. Double-check that you have not misspelled a field name or forgotten to add a required field.If you haven’t already, we encourage you to reach out to our team, then continue to the next guide: LINK. We look forward to hearing from you!
To do
Add contingency to partners who cannot generate a dynamic QR Code
aka have them display “Go to **verification_uri** to enter this code” as a backup plan