How Does My App Authorize Against BlueJeans?

Sometimes you may have an application whose users may elect to include BlueJeans functionality in their client session.

This overview guide provides an example of the 3-Legged OAuth process that client applications use to obtain a user's authorization to access their BlueJeans account.

Things to keep in mind...

BlueJeans REST API messages must contain certain formatting values in order to be recognized as valid. Please ensure that each REST call has the following fields:

Try it out!

A functional implementation of the 3-Legged OAuth process can be found in this Reference Application.

Step 1

Register

Developer Registers Application

The first thing a developer must do is register the application with BlueJeans. This ensures that BlueJeans knows there is a target application requesting an access token.

For this step, a developer must request from their BlueJeans Administrator a client ID and a secret ID set of keys. These keys are part of the application registration process in BlueJeans.

Registration need only be done once by the Enterprise Administrator. Thereafter, clients can authorize against this application per OAuth's standards.

BlueJeans uses the industry standard OAuth protocol for authentication.

API Specification
https://api.bluejeans.com/v1/user/1407819/developer_applications
JSON Calling Parameters
{
  "appName" : "test.3leg",
  "description" : "Reference Application to test 3-legged authentication",
  "appLogoUrl" : "",
  "redirectUrls" : [
    "https://glenninn.com"
  ]
}
				
The functions of the JSON variables are:
  • appName - string, the desired name of the application that will use OAuth
  • description - string, a short narrative describing the application associated with this registration
  • appLogoUrl - string, a URL where BlueJeans can access a logo graphic to show in the Authorization dialog
  • redirectUrls - array[string], a list of approved URLs to which BlueJeans can redirect the client when the user completes his/her authorization approval
JSON Return Values
{
    "appName" : "test.3leg",
    "description" : "Reference Application to test 3-legged authentication",
    "appLogoUrl" : "https://glenninn.com/Logo-84x84.png",
    "redirectUrls" : [
      "https://glenninn.com"
    ],
    "clientId" :  "43160b229 ... 18ef2c3ef00989bec",
    "clientSecret" : "xxxxxxx",
    "client_id" : "43160b229 ... 18ef2c3ef00989bec",
    "client_secret" : "xxxxxxxx"
}
				
The returned JSON variables are:
  • appName - the name of the application that will use OAuth
  • description - short narrative describing the application associated with this registration
  • appLogoUrl - URL where BlueJeans can access a logo graphic for the Authorization dialog to show
  • redirectUrls - array of permitted "redirectUrls" to which BlueJeans can redirect the client when the user completes his/her authorization approval
  • clientId - one of the 2 OAuth keys assigned to this application
  • client_id - same as clientId
  • clientSecret - the secret OAuth key calculated for this application
  • client_secret - same as clientSecret
CURL
curl -X POST "https://api.bluejeans.com/v1/user/1407819/developer_applications?access_token={your access token}" -H "accept: application/json" -H "content-type: application/json" -d "{ \"appLogoUrl\": \"https://glenninn.github.io/bjn-test3leg/html/Logo-84x84.png\",\"redirectUrls\": [ \"https://glenninn.com/callback\",\"https://glenninn.com/authenticated\" ],\"appName\": \"test.3leg\",\"client_id\": \"43160b2...989bec\",\"client_secret\": \"xxxxxxxx\"}"

Step 2

Authorize

Application Asks BlueJeans for Authorization

In this step your application redirects to BlueJeans so that the user can log in to their BlueJeans account and authorize or reject application access to that account.

If the user approves BlueJeans access, the API call returns with an access code. That code must be exchanged quickly for an access token.

API Specification
(GET) https://bluejeans.com/oauth2/authorize
Query Parameters
&clientId=
&redirectUri=
&state=
&scope=
&responseType=code
&appName=
&appLogoUrl= 				
				
The functions of the query parameters are:
  • clientId - This is the OAuth key created by the BlueJeans Enterprise Administrator specifically for the Application.
  • redirectUri - This is the URL to which BlueJeans will respond after the user is shown the confirm/reject BlueJeans dialog for application access to the User's BlueJeans profile.
  • state - This is an arbitrary string defined by the application that BlueJeans should return as part of the response.
  • scope - This is a comma-separated list of access privileges that the application is requesting. The set of possible choices is: [list_meetings, modify_meetings, user_info, modify_user_info, meeting_history]
  • responseType - This value should always be "code".
  • appName - This is the name of the application associated with the clientId key.
  • appLogoUrl - This is a URL where BlueJeans can find a bitmap image to show on the confirm/reject dialog (disabled for now).
Return Values in Callback Query Parameters
&code=
&state=
				
The returned query variables contain the confirmation information:
  • code - This is a unique identifier that BlueJeans returns when the user approves access to the Application. Note: this code is only valid for 30 seconds.
  • state - This is an echo of the arbitrary string passed into BlueJeans. If it does not match the calling state, then this may indicate a phishing incident.
CURL
curl "https://bluejeans.com/oauth2/authorize?clientId=43160b...0989bec&redirectUri=https://glenninn.com/callback&state=fishing&scope=list_meetings,modify_meetings,user_info&responseType=code&appName=test.3leg&appLogoUrl=https://glenninn.github.io/bjn-test3leg/html/Logo-84x84.png"
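
The state check described above only protects the user if the value is unguessable, tied to the user's session and accepted once. The following Python sketch is an added example, not code from BlueJeans or the Reference Application; the function names and the in-memory _pending store are hypothetical, while the endpoint, parameter names and scope list are taken from this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://bluejeans.com/oauth2/authorize"  # from the page
ALLOWED_SCOPES = {"list_meetings", "modify_meetings", "user_info",
                  "modify_user_info", "meeting_history"}  # list from the page
_pending = set()  # hypothetical server-side store of issued, unused state values


def build_authorize_url(client_id, redirect_uri, scopes, app_name):
    """Return (url, state); keep state in the user's server-side session."""
    unknown = set(scopes) - ALLOWED_SCOPES
    if unknown:
        raise ValueError(f"unsupported scopes: {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable, fresh for every attempt
    _pending.add(state)
    query = urlencode({
        "clientId": client_id,
        "redirectUri": redirect_uri,
        "state": state,
        "scope": ",".join(scopes),  # comma-separated, as the page specifies
        "responseType": "code",
        "appName": app_name,
    }, safe=",")
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, session_state):
    """Return the access code only if state matches this session and is unused."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    if not returned or not hmac.compare_digest(returned.encode(),
                                               session_state.encode()):
        raise ValueError("state mismatch: discard the code")
    if returned not in _pending:
        raise ValueError("state already used or never issued")
    _pending.discard(returned)  # single use: a replayed callback fails
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no code")
    return code
```

A fixed, human-readable state value gives none of these guarantees, because anyone who knows it can construct a callback that passes the comparison.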

Step 3

Authentication

Application Obtains Access Token

In this step the user's Application session makes an API call to exchange the access code for a user access token.

Along with this API call, you must pass the access code obtained from the Authorization step.

API Specification
https://api.bluejeans.com/oauth2/token?Code
JSON Calling Parameters
{
  "redirectUri"   : "https://glenninn.com/authenticated",
  "code"          : "gqNe....skFCK",
  "grant_type"    : "authorization_code",
  "client_secret" : "xxxxxxxxx",
  "client_id"     : "43160b2...989bec"
}
				
The functions of the JSON variables are:
  • redirectUri - This is the URL to which BlueJeans will redirect the response to this API call.
  • code - This is the access code value returned by the Authorize API call done previously. Note that the access code has a 30-second lifetime.
  • grant_type - This field should always be "authorization_code".
  • client_secret - This is the secret OAuth key that was generated by the BlueJeans Enterprise Administrator.
  • client_id - This is the unique Client ID associated with the Application.
JSON Return Values
{
  "access_token" : "8355640ae5.....2ae163d0f493",
  "expires_in" : 3600,
  "scope" : {
    "user" : 1442589,
    "appPermissions" : [ ... ],
    "partitionName" : "z2",
    "partition" : {
      "id" : 2,
      "name" : "z2"
    },
    "bearerPermissions" : "list_meetings,modify_meetings,user_info",
    "clientId" : "43160b2...989bec",
    "client_id" : "43160b2...989bec",
    "capabilities" : []
  },
  "refresh_token" : "sdEE2BmVr...JRhzVMU3HosSJYCG"
}
				
The returned JSON variables simply echo the connection parameters passed to this API:
  • access_token - This is the user access token that you will use for API calls made by the user.
  • expires_in - This is the time until the token expires, in seconds. You can refresh the token by making a refresh API call with the refresh_token value.
  • scope - This Object contains information related to the breadth of access that the access_token can engage.
    • user - This integer is the unique ID# for the authorized BlueJeans profile.
    • appPermissions - This array of objects outlines authorized functions and URI locators for those functions.
    • partitionName - This field is the name of the BlueJeans cloud partition where the user's meetings will be held.
    • partition - This Object contains partition information.
      • id - This integer is the number of the user's partition.
      • name - This string is the name of the user's partition.
    • bearerPermissions - This array of strings lists what functions this access token enables.
    • clientId - This string (and its alternate-named client_id) is the OAuth key corresponding to this application.
    • capabilities - TBD
  • refresh_token - This token is required when specifically making the API call to refresh this user access token.
CURL
curl -X POST "https://api.bluejeans.com/oauth2/token?Code?access_token={your access token}" -H "accept: application/json" -H "content-type: application/json" -d "{\"redirectUri\": \"https://glenninn.com/authenticated\", \"code\": \"gqNe....skFCK\", \"grant_type\": \"authorization_code\", \"client_secret\": \"xxxxxxxxx\", \"client_id\": \"43160b2...989bec\" }"
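
Because the access code lives for only 30 seconds and the response reports which permissions were actually granted, a server-side exchange should refuse stale codes and verify the token it gets back. The following Python sketch is an added example, not code from BlueJeans or the Reference Application; the function names and SAMPLE_RESPONSE are constructed for illustration, and the field names follow the JSON shown above.

```python
import json
import time

TOKEN_URL = "https://api.bluejeans.com/oauth2/token?Code"  # as given on the page
CODE_LIFETIME = 30  # seconds; the page states the access code expires after 30 s

def build_token_request(code, code_received_at, client_id, client_secret,
                        redirect_uri, now=None):
    """Return (url, headers, body); refuse to send a code that has expired."""
    now = time.time() if now is None else now
    if now - code_received_at >= CODE_LIFETIME:
        raise ValueError("access code is older than 30 s; restart authorization")
    body = json.dumps({
        "redirectUri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
        "client_secret": client_secret,  # server-side only, never in client code
        "client_id": client_id,
    })
    headers = {"accept": "application/json", "content-type": "application/json"}
    return TOKEN_URL, headers, body

def validate_token_response(raw, client_id, requested_scopes, now=None):
    """Accept the token only if it is for this app and within requested scope."""
    now = time.time() if now is None else now
    data = json.loads(raw)
    scope = data.get("scope") or {}
    if scope.get("clientId") != client_id:
        raise ValueError("token was issued to a different clientId")
    perms = scope.get("bearerPermissions", "")
    # The page's sample shows a comma-separated string; accept a list as well.
    granted = set(perms.split(",")) if isinstance(perms, str) else set(perms)
    granted.discard("")
    extra = granted - set(requested_scopes)
    if extra:
        raise ValueError(f"token grants unrequested scopes: {sorted(extra)}")
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "granted": granted,
        "expires_at": now + int(data["expires_in"]),  # absolute expiry time
    }

# Constructed sample response shaped like the page's "JSON Return Values".
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-access-token", "expires_in": 3600,
    "scope": {"user": 1, "bearerPermissions": "list_meetings,user_info",
              "clientId": "constructed-client-id"},
    "refresh_token": "constructed-refresh-token"})
```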