OAuth Overview
The OAuth API is primarily used for sites that have already taken the steps to implement Web Monetization and want to offer a way for Coil Members to access monetized content on desktop and mobile without installing the Coil Extension.
info
You don’t need access to our OAuth API to implement Web Monetization on your site.
If you’re already familiar with Web Monetization, read about our OAuth Web Monetization Script. The script is available for any site that uses Coil's OAuth and allows users to authenticate to Coil via your site.
Partner sign in and linking#
When a developer receives permission from Coil to use our OAuth API they have access to our partner sign in and linking functionality. This allows the developer to provide Coil Members with a way to sign in or link their Coil account from the developer’s service. By signing in or linking a Coil account, the Coil Member authorizes the developer to stream payments on their behalf without installing the Coil Extension.
Get started#
Before you can use the OAuth API, you must:
- Sign up for a free Coil account if you don't already have one.
- Send an email to [email protected] outlining your use case.
After you are approved for OAuth access, register your client app and wait for a registration access token. Then, use the access token to register your app with the Coil OpenID Connect (OIDC) provider. The registration process is outlined on the POST /oauth/reg page.
OpenID Connect settings#
The Coil OIDC and OAuth2 provider uses the oidc-provider package, which implements the specs described by openid.net.
Openid-configuration is the Coil OIDC provider's discovery document. The document describes the API endpoints used during the authentication sequence. You'll need these details to construct requests to the server. Specifying this URL connects the authenticator to the OIDC provider.
| Setting | Value |
|---|---|
| Discovery Endpoint | https://coil.com/.well-known/openid-configuration |
| Authorization Scope | simple_wm and openid |
Basic OAuth flow#
This section provides the basic flow for being approved for, and then accessing, resources owned by Coil users. The Coil OIDC and OAuth2 provider uses the authorization code flow. Steps 1 - 5 below are covered in the previous sections on this page.
- Sign up for a free Coil account if you don't already have one.
- Email [email protected] and outline your use case.
- Wait for approval.
- When approved, register your client app and wait for your registration access token.
- After you have a registration access token, register your app with the Coil OIDC provider to exchange the token for a client ID and client secret.
- Get permission for your app to access resources owned by a Coil user.
- Request an access token.
- Get the resources that the app was previously granted access to.
- Issue the Coil user a BTP token.