Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Overview

The Video Privacy Protection Act (VPPA) requires that Passport members who use PBS Video apps explicitly grant PBS permission to share the user’s personal data (viewing history, favorites, etc.) with the station. The agreement is between the user and PBS, not the user and the station, therefore it is contained in an authentication flow managed by PBS.

PBS Account, the OAuth2 authentication service from PBS Digital, supports the ability for stations to request, on PBS’s behalf, that Passport users accept VPPA.

The three supported use cases are as follows:

  1. Users who have activated Passport but have never accepted VPPA
  2. Users who accepted VPPA has expired
  3. Users in the process of activating Passport

How to implement VPPA

For users who have accepted VPPA but it has expired and for users who have activated Passport but have never accepted VPPA, you can simply add “vppa” as a scope to PBS Account. When combined, “scope=account+vppa” instructs PBS Account to check a user’s VPPA acceptance. If the user is a Passport member and has not accepted VPPA, they will be required to accept VPPA to continue using Passport. If the user’s VPPA is expired, meaning the last assent was more than two years ago, they will also be prompted to accept VPPA.

Sample URL
https://account.pbs.org/oauth2/authorize/?scope=account+vppa&redirect_uri=YOUR-DOMAIN/pbsoauth/callback/&response_type=code&client_id=YOUR-CLIENT-ID&activation=true

VPPA check during activation

If the VPPA check is being done during activation, there is a separate query parameter: “&activation=true.” This forces the VPPA assent modal. It needs to be used in conjunction with the “vppa” scope outlined in the previous section. Each example below is tailored to each activation option - PBS Account, Facebook, and Google. 

Activating with PBS Account - Sample URL
https://account.pbs.org/oauth2/authorize/?scope=account+vppa&redirect_uri=YOUR-DOMAIN/pbsoauth/callback/&response_type=code&client_id=YOUR-CLIENT-ID&activation=true
Activing with Facebook - Sample URL
https://account.pbs.org/oauth2/social/login/facebook/?scope=account+vppa&redirect_uri=YOUR-DOMAIN/pbsoauth/callback/&response_type=code&client_id=YOUR-CLIENT-ID&activation=true
Activating with Google - Sample URL
https://account.pbs.org/oauth2/social/login/google-oauth2/?scope=account+vppa&redirect_uri=YOUR-DOMAIN/pbsoauth/callback/&response_type=code&client_id=YOUR-CLIENT-ID&activation=true