Simplify README

Grace Yim · Grace Yim · commit 449a80219695 · 2015-03-10T10:38:09.000-05:00
diff --git a/README.md b/README.md
@@ -1,192 +1,83 @@
 #ToopherPython [![Build Status](https://travis-ci.org/toopher/toopher-python.png?branch=master)](https://travis-ci.org/toopher/toopher-python)
-### Introduction
+
 ToopherPython is a Toopher API library that simplifies the task of interfacing with the Toopher API from Python code.  This project wrangles all the required OAuth and JSON functionality so you can focus on just using the API.
 
 ### Python Version
-\>=2.6.0
+* 2.6
+* 2.7
 
-### Learn the Toopher API
+### Documentation
 Make sure you visit [https://dev.toopher.com](https://dev.toopher.com) to get acquainted with the Toopher API fundamentals.  The documentation there will tell you the details about the operations this API wrapper library provides.
 
-### OAuth Authentication
-First off, to access the Toopher API you'll need to sign up for an account at the [Toopher developers portal](https://dev.toopher.com) and create a "requester". When that process is complete, your requester is issued OAuth 1.0a credentials in the form of a consumer key and secret. Your key is used to identify your requester when Toopher interacts with your customers, and the secret is used to sign each request so that we know it is generated by you.  This library properly formats each request with your credentials automatically.
-
-### The Toopher Two-Step
-Interacting with the Toopher web service involves two steps: pairing, and authenticating.
-
-#### Step 0: Create an API Object
-Using your consumer key and consumer secret, create a ToopherApi object which will be used to generate an authentication or user management url and process the postback data.
-
-#### Step 1: Pair
-Before you can enhance your website's actions with Toopher, your customers will need to pair their phone's Toopher app with your website.  To do this, they generate a unique, nonsensical "pairing phrase" from within the app on their phone.  You will need to prompt them for a pairing phrase as part of the Toopher enrollment process.  Once you have a pairing phrase, just send it to the Toopher web service and we'll return a pairing ID that you can use whenever you want to authenticate an action for that user.
+## ToopherApi Workflow
 
-#### Step 2: Authenticate
-You have complete control over what actions you want to authenticate using Toopher (for example: logging in, changing account information, making a purchase, etc.).  Just send us the user's pairing ID, a name for the terminal they're using, and a description of the action they're trying to perform and we'll make sure they actually want it to happen.
-
-### Librarified
-This library makes it super simple to do the Toopher two-step.  Check it out:
+### Step 1: Pair
+Before you can enhance your website's actions with Toopher, your customers will need to pair their mobile device's Toopher app with your website.  To do this, they generate a unique pairing phrase from within the app on their mobile device.  You will need to prompt them for a pairing phrase as part of the Toopher enrollment process.  Once you have a pairing phrase, just send it to the Toopher web service and we'll return a pairing ID that you can use whenever you want to authenticate an action for that user.
 
 ```python
-from toopher import *
+import toopher
 
-# Step 0 - Create an API Object Using Your Credentials
+# Create an API Object Using Your Credentials
 api = toopher.ToopherApi("<your consumer key>", "<your consumer secret>")
 
-# Step 1 - Pair with their phone's Toopher app
-# With pairing phrase
+# Step 1 - Pair with their mobile device's Toopher app
 pairing = api.pair("username@yourservice.com", "pairing phrase")
-# With SMS (optional parameter: country_code)
-pairing = api.pair("username@yourservice.com", "555-555-5555", country_code="1")
-# With QR code
-pairing = api.pair("username@yourservice.com")
+```
+
+### Step 2: Authenticate
+You have complete control over what actions you want to authenticate using Toopher (for example: logging in, changing account information, making a purchase, etc.).  Just send us the user's pairing ID and a name for the terminal they're using and we'll make sure they actually want it to happen.
 
+```python
 # Step 2 - Authenticate a log in
-# With pairing id and terminal name
-authentication_request = api.authenticate(pairing.id, "my computer")
-# With username and terminal name and/or requester_specified_id
-authentication_request = api.authenticate("username", terminal_name="terminal_name", requester_specified_id = "requester_specified_id")
+authentication_request = api.authenticate(pairing.id, "terminal name")
 
 # Once they've responded you can then check the status
 authentication_request.refresh_from_server()
 if not authentication_request.pending and authentication_request.granted:
 	# Success!
 ```
-### Zero-Storage Usage Option
-Requesters can choose to integrate the Toopher API in a way does not require storing any per-user data such as Pairing ID and Terminal ID - all of the storage
-is handled by the Toopher API Web Service, allowing your local database to remain unchanged.  If the Toopher API needs more data, it will `raise()` a specific
-error that allows your code to respond appropriately.
-
-```python
-try:
-    # Try to authenticate against Toopher API with username and a requester specified id,
-    # which is typically a randomly generated secure browser cookie.
-    # It does not need to be human-readable and will not be displayed to the user.
-    authentication_request = api.authenticate("username", requester_specified_id="requester_specified_id")
-
-    # If you got here, you just need to check the status of the authentication request.
-    if not authentication_request.pending and authentication_request.granted:
-        #Success!
-
-# There are four distinct errors ToopherAPI can return if it needs more data
-except UserDisabledError:
-    # You have marked this user as Toopher disabled in the Toopher API.
-except UserUnknownError:
-    # This user has not yet paired a mobile device with their account.
-    # Pair them using api.pair() as described above, then re-try authentication
-except TerminalUnknownError:
-    # This user has not assigned a "friendly name" to this terminal identifier.
-    # Prompt them to enter a terminal name, then submit that "friendly name" to the Toopher API:
-    api.advanced.user_terminals.create("username", "terminal_name", "requester_specified_id")
-    # Afterwards, re-try authentication.
-except PairingDeactivatedError:
-    # This user does not have an active pairing (typically because they deleted the pairing).
-    # You can prompt the user to re-pair with a new mobile device.
-```
 
-### Handling Errors
-If any request runs into an error a `ToopherApiError` will be thrown with more details on what went wrong.
+## ToopherIframe Workflow
+### Step 1: Embed a request in an IFRAME
+1. Generate an authentication URL by providing a username.
+2. Display a webpage to your user that embeds this URL within an `<iframe>` element.
 
-### Dependencies
-This library uses the [Requests](http://docs.python-requests.org/en/latest/) library and [OAuthLib](https://oauthlib.readthedocs.org/en/latest/index.html) to handle OAuth signing and make the web requests.
+```python
+import toopher
 
-Toopher uses [pip](https://pypi.python.org/pypi/pip) to install Python packages.
+# Create an API Object Using Your Credentials
+iframe_api = toopher.ToopherIframe("<your consumer key>", "<your consumer secret>")
 
-To ensure all dependencies are up-to-date run:
-```shell
-$ pip install -r requirements.txt
-```
 
-### Demo
-Check out `demo.py` for an example program that walks you through the whole process!  Just download the contents of this repo, make sure you have the dependencies listed above installed, and then run it like-a-this:
-```shell
-$ python ./demo.py
-```
+auth_iframe_url = iframe_api.get_authentication_url(username);
 
-### Tests
-To run tests using [nose](http://nose.readthedocs.org/en/latest/) enter:
-```shell
-$ nosetests test
+# Add an <iframe> element to your HTML:
+# <iframe id="toopher_iframe" src=auth_iframe_url />
 ```
 
-#Using the Toopher IFRAME
-Toopher's IFRAME-based flow is the simplest way for web developers to integrate Toopher Two-Factor Authentication into an application.
+### Step 2: Validate the postback data
 
-### Toopher IFRAME Overview
+After the Toopher-IFRAME results are posted back to server, the postback data can be validated one of two ways:
 
-The IFRAME-based flow works by inserting an `<iframe>` element into the HTML displayed to the user after a successful username/password validation (but before they are actually logged-in to the service).  The IFRAME URL is generated by our library and its content is served from the Toopher API server.
+#### 1. Check the authentication request status
+1. Call `is_authentication_granted` to check if the authentication request was granted.
 
-The Authentication IFRAME guides the user through the process of pairing (if the user is not paired already) and authenticating with Toopher.  Once complete, the IFRAME will return the result of the authentication to your server by `POST`ing the response via HTML to an endpoint of your choice.  Your server validates the cryptographic signature using our library which determines whether or not the user successfully authenticated.
-
-The User Management IFRAME is available if you would like to manage users separately from the authentication process. Once complete, the IFRAME will return the result of the pairing to your server by POSTing the response via HTML to an endpoint of your choice. Your server validates the cryptographic signature using our library which determines whether or not the user successfully paired.
-
-### HTML Markup
-There is no difference in the markup required for an authentication vs. a user management IFRAME request (the generated URL embeds all relevant information).
-
-The IFRAME element must have an id of `toopher_iframe`. Pages that include the Toopher IFRAME must include the accompanying javascript library `toopher-web.js` (located in `/assets/js/` in this repository).  Toopher's IFRAME content is designed for a minimum size of 400x300 px.  In the example below, `{{IFRAME_REQUEST_URL}}` is the authentication or user management URL generated by the ToopherIframe library.  `{{POSTBACK_URL}}` is the path on your server where the Toopher-Iframe will submit the result of the authentication when it is finished.
+```python
+# Returns boolean indicating if user should be granted access
+authentication_request_granted = iframe_api.is_authentication_granted(form_data)
 
-```html
-<!-- toopher-web.js requires jQuery.  uncomment the following line to source it from CDNJS if it is not already included in your page -->
-<!-- <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script> -->
-<script src="/js/toopher-web.js"></script>
-<iframe id="toopher_iframe" src="{{IFRAME_REQUEST_URL}}" toopher_postback="{{POSTBACK_URL}}" style="display:inline-block; height:300px; width:100%;"></iframe>
+if authentication_request_granted:
+    # Success!
 ```
 
-### Authentication IFRAME Workflow
-#### Primary Authentication
-We recommend using some form of primary authentication before initiating a Toopher authentication request.  Typical primary authentication methods involve verifying that the user has a valid username and password to access the resource being protected.
-
-#### Step 1: Embed a request in an IFRAME
-After verifying the user's primary authentication, but before assuming the user's primary authentication checks out, the next step is to kickoff Toopher authentication.
-
-1. Generate an authentication URL by specifying the request parameters to the library as detailed below
-2. Display a webpage to your user that embeds this URL within an `<iframe>` element.  The markup requirements for the IFRAME element are described in the "HTML Markup" section above.
+#### 2. Process the postback
+Additional information regarding the AuthenticationRequest is easily obtained by using `process_postback`.
 
-#### Step 2: Validate the postback data
-
-##### Option 1: Process the postback
-1. Toopher-IFRAME results posted back to server.
-2. Call `process_postback()` to verify that the result is valid. `process_postback()` returns one of the following:
+1. Call `process_postback()` to verify that the result is valid. `process_postback()` returns one of the following:
   * an AuthenticationRequest object if the signature is valid (authentication url)
   * a `UserDisabledError`, `SignatureValidationError` or `ToopherAPIError` if the server encounters an error while processing postback
-3. If no errors were returned, the result of the authentication can be checked by evaluating `not authentication_request.pending and authentication_request.granted`.
-
-##### Option 2: Check the authentication request status
-1. Toopher-IFRAME results posted back to server.
-2. Call `ToopherIframe.is_authentication_granted` to check if the authentication request was granted.
-
-
-#### Examples
-
-##### Generating an Authentication IFRAME URL
-Though it is not required, every Toopher Authentication session can include a unique `request_token` - a randomized string that is included in the signed request to the Toopher API and returned in the signed response from the Toopher IFRAME.  To guard against potential replay attacks, your code should validate that the returned `request_token` is the same one used to create the request.
-
-Here's an example of creating a random request token and storing it in the server-side session using Django:
-
-```python
-import random, string
-request_token = ''.join(random.choice(string.lowercase + string.digits) for i in range(15))
-request.session['ToopherRequestToken'] = request_token
-```
-
-The Toopher Authentication API provides the requester a rich set of controls over authentication parameters.
+2. If no errors were returned, the result of the authentication can be checked by evaluating `not authentication_request.pending and authentication_request.granted`.
 
-```python
-# Optional parameters: reset_email, request_token, action_name, requester_metadata, automation_allowed, challenge_required, and ttl
-auth_iframe_url = iframe_api.get_authentication_url(username, reset_email='email', request_token='token', action_name='action', requester_metadata, automation_allowed=automation_allowed, challenge_required=challenge_required, ttl=ttl);
-```
-
-For the simple case of authenticating a user at login, use `get_authentication_url()` in this simple way:
-
-```python
-login_iframe_url = iframe_api.get_authentication_url(username)
-```
-
-##### Validating Postback Data from Authentication IFRAME & Parsing Errors
-In this example, `data` is a `dict` of the form data POSTed to your server from the Toopher Authentication IFRAME.  You should replace the commented blocks in the `except` with code appropriate for the condition described in the comment.
-
-There are two ways to validate postback data from an authentication IFRAME:
-
-######Process Postback
 ```python
 try:
     # Try to process the postback from the Toopher IFRAME and receive an AuthenticationRequest object.
@@ -206,68 +97,27 @@ except toopher.ToopherApiError as e:
     # The postback resource type was not valid.
 ```
 
-######Check Authentication Request Status
-```python
-# Returns boolean indicating if user should be granted access
-authentication_request_granted = iframe_api.is_authentication_granted(form_data)
-
-if authentication_request_granted:
-    # Success!
-```
-
-###User Management IFRAME Workflow
-#### Primary Authentication
-We recommend using some form of primary authentication before initiating a Toopher pairing.  Typical primary authentication methods involve verifying that the user has a valid username and password to access the resource being protected.
-
-#### Step 1: Embed a request in an IFRAME
-After verifying the user's primary authentication, the next step is to kickoff Toopher pairing.
-
-1. Generate a user management URL by specifying the request parameters to the library as detailed below
-2. Display a webpage to your user that embeds this URL within an `<iframe>` element.  The markup requirements for the IFRAME element are described in the "HTML Markup" section above.
 
-#### Step 2: Validate the postback data
-1. Toopher-IFRAME results posted back to server.
-2. Call `process_postback()` to verify that the result is valid. `process_postback()` returns one of the following:
-  * a Pairing or User object if the signature is valid (authentication url)
-  * a `UserDisabledError`, `SignatureValidationError` or `ToopherAPIError` if the server encounters an error while processing postback
-3. If no errors were returned and you received a Pairing object, the result of the pairing can be checked by evaluating `pairing.enabled`.
-
-#### Examples
-##### Generating a User Management IFRAME URL
-The Toopher Authentication API provides the requester a rich set of controls over user management parameters.
+### Handling Errors
+If any request runs into an error a `ToopherApiError` will be thrown with more details on what went wrong.
 
-```python
-# Optional parameter: reset_email
-pair_iframe_url = iframe_api.get_user_management_url(username, 'email')
+### Demo
+Check out `demo.py` for an example program that walks you through the whole process!  Just download the contents of this repo, make sure you have the dependencies listed above installed, and then run it like-a-this:
+```shell
+$ python demo.py
 ```
 
-For the simple case of pairing a user, use `get_user_management_url()` in this simple way:
+## Contributing
+### Dependencies
+This library uses the [Requests](http://docs.python-requests.org/en/latest/) library and [OAuthLib](https://oauthlib.readthedocs.org/en/latest/index.html) to handle OAuth signing and make the web requests.
 
-```python
-pair_iframe_url = iframe_api.get_user_management_url(username)
+Toopher uses [pip](https://pypi.python.org/pypi/pip) to install Python packages. To ensure all dependencies are up-to-date run:
+```shell
+$ pip install -r requirements.txt
 ```
 
-##### Validating Postback Data from User Management IFRAME & Parsing Errors
-In this example, `data` is a `dict` of the form data POSTed to your server from the Toopher Pairing IFRAME.  You should replace the commented blocks in the `except` with code appropriate for the condition described in the comment.
-
-There is one way to validate postback data from a user management IFRAME:
-
-######Process Postback
-```python
-try:
-    # Try to process the postback from the Toopher IFRAME and receive a Pairing or User object.
-    postback_object = iframe_api.process_postback(form_data)
-
-    # If you got here and you have a pairing object, you just need to check the status of the pairing.
-    if postback_object.enabled:
-        #Success!
-
-# There are three distinct errors ToopherAPI can return if the postback is not valid.
-except toopher.UserDisableError as e:
-    # You have marked this user as Toopher disabled in the Toopher API
-except toopher.SignatureValidationError as e:
-    # The postback was not valid for one of the following reasons:
-    # missing keys, incorrect session token, expired signature or invalid signature.
-except toopher.ToopherApiError as e:
-    # The postback resource type was not valid.
+### Tests
+To run tests using [nose](http://nose.readthedocs.org/en/latest/) enter:
+```shell
+$ nosetests test
 ```
