3 title: Binder Application writing guide
5 https://git.automotivelinux.org/src/app-framework-binder/plain/docs/afb-application-writing.md?h=master
8 <!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/apis_services/master/app-framework-binder-developer-guides-api-services-book.yml -->
10 # How to write an application on top of AGL FRAMEWORK
12 ## Programming Languages for Applications
14 ### Writing an HTML5 application
16 Developers of HTML5 applications (client side) can easily create
17 applications for AGL framework using their preferred
20 Developers may also take advantage of powerful server side bindings to improve
22 Server side bindings return an application/json mine-type
23 and can be accessed though either HTTP or Websockets.
25 In a near future, JSON-RPC protocol should be added to complete the current
28 Two examples of HTML5 applications are given:
30 - [afb-client](https://gerrit.automotivelinux.org/gerrit/gitweb?p=src/app-framework-demo.git;a=tree;f=afb-client) a simple "hello world" application template
32 - [afm-client](https://gerrit.automotivelinux.org/gerrit/gitweb?p=src/app-framework-demo.git;a=tree;f=afm-client) a simple "Home screen" application template
34 ### Writing a Qt application
36 Writing Qt applications is also supported.
37 Qt offers standard API to send request through HTTP or WebSockets.
39 It is also possible to write QML applications.
40 A sample QML application [token-websock] is available:
42 - [token-websock](https://gerrit.automotivelinux.org/gerrit/gitweb?p=src/app-framework-binder.git;a=blob;f=test/token-websock.qml)
44 A simple "hello world" application in QML
46 ### Writing a "C" application
48 C applications can use afb-daemon binder through a websocket connection.
50 The library **libafbwsc** is provided for C clients that need
51 to connect with an afb-daemon binder.
53 The program **afb-client-demo** is the C example that uses the
54 **libafbwsc** library.
55 Source code is available here
56 [src/afb-client-demo.c](https://gerrit.automotivelinux.org/gerrit/gitweb?p=src/app-framework-binder.git;a=blob;f=src/afb-client-demo.c).
58 Current implementation relies on libsystemd and file descriptors.
59 This model may be reviewed in the future to support secure sockets
60 and get rid of libsystemd dependency.
62 ### Handling sessions within applications
64 Applications should understand sessions and token management when interacting
65 with afb-daemon binder.
67 Applications communicate with their private binder (afb-daemon) using
68 a network connection or any other potential connection channel.
69 While the current version does not yet implement Unix socket,
70 this feature might be added in the near future.
71 Developers need to be warn that HTTP protocol is a none
72 connected protocol and that using HTTP socket connection to authenticate
73 clients is not supported.
75 For this reason, the binder should authenticate the application
76 by using a shared secret.
77 The secret is named "token" and the identification of client is named "session.”
79 The examples **token-websock.qml** and **afb-client** are demonstrating
80 how authentication and sessions are managed.
84 Bindings and other binder features need to keep track of client
86 This is especially important for bindings running as services
87 as they may typically have to keep each client's data separated.
89 For HTML5 applications, the web runtime handles the cookie of the session
90 that the binder afb-daemon automatically sets.
92 Session identifier can be set using the parameter **uuid** or **x-afb-uuid** in
94 Within current version of the framework session UUID is supported
95 by both HTTP requests and websocket negotiation.
99 At application start, AGL framework communicates a shared secret to both binder
100 and client application.
101 This initial secret is called the "**initial token**".
103 For each of its client application, the binder manages a current active
104 token for session management.
105 This authentication token can be use to restrict the access to some binding's methods.
107 The token must be included in URI request on HTTP or during websockets
108 connection using parameter **token** or **x-afb-token**.
110 To ensure security, tokens must be refreshed periodically.
112 ### Example of session management
114 In following examples, we suppose that **afb-daemon** is launched with something
118 afb-daemon --port=1234 --token=123456 [...]
121 making the expectation that **AuthLogin** binding is requested as default.
125 First, connects with the initial token, 123456:
128 $ curl http://localhost:1234/api/auth/connect?token=123456
130 "jtype": "afb-reply",
133 "token": "0aef6841-2ddd-436d-b961-ae78da3b5c5f",
134 "uuid": "850c4594-1be1-4e9b-9fcc-38cc3e6ff015"
136 "response": {"token": "A New Token and Session Context Was Created"}
140 It returns an answer containing session UUID, 850c4594-1be1-4e9b-9fcc-38cc3e6ff015,
141 and a refreshed token, 850c4594-1be1-4e9b-9fcc-38cc3e6ff015.
143 Check if session and token is valid:
146 $ curl http://localhost:1234/api/auth/check?token=0aef6841-2ddd-436d-b961-ae78da3b5c5f\&uuid=850c4594-1be1-4e9b-9fcc-38cc3e6ff015
148 "jtype": "afb-reply",
149 "request": {"status":"success"},
150 "response": {"isvalid":true}
157 $ curl http://localhost:1234/api/auth/refresh?token=0aef6841-2ddd-436d-b961-ae78da3b5c5f\&uuid=850c4594-1be1-4e9b-9fcc-38cc3e6ff015
159 "jtype": "afb-reply",
162 "token":"b8ec3ec3-6ffe-448c-9a6c-efda69ad7bd9"
164 "response": {"token":"Token was refreshed"}
171 $ curl http://localhost:1234/api/auth/logout?token=b8ec3ec3-6ffe-448c-9a6c-efda69ad7bd9\&uuid=850c4594-1be1-4e9b-9fcc-38cc3e6ff015
173 "jtype": "afb-reply",
174 "request": {"status": "success"},
175 "response": {"info":"Token and all resources are released"}
179 Checking on closed session for uuid should be refused:
182 $ curl http://localhost:1234/api/auth/check?token=b8ec3ec3-6ffe-448c-9a6c-efda69ad7bd9\&uuid=850c4594-1be1-4e9b-9fcc-38cc3e6ff015
184 "jtype": "afb-reply",
187 "info": "invalid token's identity"
192 #### Using afb-client-demo
194 - The program is packaged within AGL in the rpm **libafbwsc-dev**
196 Here is an example of exchange using **afb-client-demo**:
199 $ afb-client-demo ws://localhost:1234/api?token=123456
201 ON-REPLY 1:auth/connect: {"jtype":"afb-reply","request":{"status":"success",
202 "token":"63f71a29-8b52-4f9b-829f-b3028ba46b68","uuid":"5fcc3f3d-4b84-4fc7-ba66-2d8bd34ae7d1"},
203 "response":{"token":"A New Token and Session Context Was Created"}}
205 ON-REPLY 2:auth/check: {"jtype":"afb-reply","request":{"status":"success"},"response":{"isvalid":true}}
207 ON-REPLY 4:auth/refresh: {"jtype":"afb-reply","request":{"status":"success",
208 "token":"8b8ba8f4-1b0c-48fa-962d-4a00a8c9157e"},"response":{"token":"Token was refreshed"}}
210 ON-REPLY 5:auth/check: {"jtype":"afb-reply","request":{"status":"success"},"response":{"isvalid":true}}
212 ON-REPLY 6:auth/refresh: {"jtype":"afb-reply","request":{"status":"success",
213 "token":"e83b36f8-d945-463d-b983-5d8ed73ba529"},"response":{"token":"Token was refreshed"}}
216 After closing connection, reconnect as here after:
219 $ afb-client-demo ws://localhost:1234/api?token=e83b36f8-d945-463d-b983-5d8ed73ba529\&uuid=5fcc3f3d-4b84-4fc7-ba66-2d8bd34ae7d1 auth check
220 ON-REPLY 1:auth/check: {"jtype":"afb-reply","request":{"status":"success"},"response":{"isvalid":true}}
223 Same connection check using **curl**:
226 $ curl http://localhost:1234/api/auth/check?token=e83b36f8-d945-463d-b983-5d8ed73ba529\&uuid=5fcc3f3d-4b84-4fc7-ba66-2d8bd34ae7d1
227 {"jtype":"afb-reply","request":{"status":"success"},"response":{"isvalid":true}}
230 ### Format of replies
232 Replies use javascript object returned as serialized JSON.
234 This object contains at least 2 mandatory fields of name **jtype** and
235 **request** and one optional field of name **response**.
237 #### Template of replies
239 This is a template of replies:
243 "jtype": "afb-reply",
246 "info": "informationnal text",
247 "token": "e83b36f8-d945-463d-b983-5d8ed73ba52",
248 "uuid": "5fcc3f3d-4b84-4fc7-ba66-2d8bd34ae7d1",
249 "reqid": "application-generated-id-23456"
251 "response": ....any response object....
255 #### Field jtype of replies
257 The field **jtype** must have a value of type string equal to **"afb-reply"**.
259 #### Field request of replies
261 The field **request** must have a value of type object.
262 This request object has at least one field named **status**
263 and four optional fields named **info**, **token**, **uuid**, **reqid**.
265 ##### Subfield request.status
267 **status** must have a value of type string. This string is equal to **"success"**
268 only in case of success.
270 ##### Subfield request.info
272 **info** is of type string and represent optional information added to the reply.
274 ##### Subfield request.token
276 **token** is of type string. It is sent either at session creation
277 or when the token is refreshed.
279 ##### Subfield request.uuid
281 **uuid** is of type string. It is sent at session creation.
283 ##### Subfield request.reqid
285 **reqid** is of type string. It is sent in response to HTTP requests
286 that added a parameter of name **reqid** or **x-afb-reqid** at request time.
287 Value returns in the reply has the exact same value as the one received in the
290 #### Field response of replies
292 This field response optionally contains an object returned when request
297 Events are javascript object serialized as JSON.
299 This object contains at least 2 mandatory fields of name **jtype** and **event**
300 and one optional field of name **data**.
302 #### Template of event
304 Here is a template of event:
308 "jtype": "afb-event",
309 "event": "sample_api_name/sample_event_name",
310 "data": ...any event data...
314 #### Field jtype of event
316 The field **jtype** must have a value of type string equal to **"afb-event"**.
318 #### Field event of event
320 The field **event** carries the event's name.
322 The name of the event is made of two parts separated by a slash:
323 the name of the name of the API that generated the event
324 and the name of event within the API.
326 #### Field data of event
328 This field data if present holds the data carried by the event.