Overview
PBS Account is a PBS's OAuth2 provider (though, it also supports authentication via Google and Facebook Oauth2); it can be used to implement login on station site and/or for Passport.
It is based on OAuth2. You can learn more about by OAuth2 here:
Getting started
- Request a client id, client secret, and scopes (tell support what you need to access) from PBS Support.
- Provide a redirect URI in your request: this is the URL you want your users to land on once they have successfully logged in to your site
- Develop your implementation, using the PBS Account QA https://account-qa.pbs.org/accounts/login/ site, until you are ready for production.
After we process your request, what we give you
Client id - given to you by a PBS Account Admin
Client secret - granted to you by a PBS Account Admin
- Scope(s): this denotes what you can do with your access token; currently we require 'account' and station name (e.g. 'wnet') scopes
- Access token - actually, this is dynamically provided via the OAuth2 workflow
Endpoints
| Authorization endpoint | https://account.pbs.org/oauth2/authorize/ |
|---|---|
| Token exchange endpoint | https://account.pbs.org/oauth2/token/ |
- You must provide the PBS Account URL for the environment you're using (example: https://account.pbs.org/oauth2/user/info/) (Figure 1.1)
- Enter the access token you received after successfully authenticating to PBS Account (Figure 1.2). Be sure to type "Bearer" before the access token.
- Results for the requested record appear (Figure 1.3).
Login snapshot
What's happening in the back-end
Implementing VPPA
The Video Privacy Protection Act (VPPA) requires that Passport members who use PBS Video apps explicitly grant PBS permission to share the user’s personal data (viewing history, favorites, etc.) with the station. To be clear, the agreement is between the user and PBS, not the user and the station which is why it is contained in an authentication flow managed by PBS.
Related pages