Provisioning device


ProvisionController.java Device calls /playjamserver/rest/provision

@RequestParam String deviceId,
@RequestParam String email,
@RequestParam String key,
@RequestParam String lang

Note how they select their own secret key - security breach? - Email is the main account email where authorisation links are sent.
DeviceProvisioningServiceImpl.provisionDevice is called - where an 'almost unique' activation code is stored against the device (devices:activation_code Postgres field)


Email is sent by playjam server to given email (with activationCode as an id) which is used to direct the user to a web server (Ajax/JS driven) where they fill in their personal details (Name/Address, PlayerTag/Dob/Avatar etc).  On Completion of web page - the Web Client will do 3 calls


'Flare' Create Account
'Flare' Create Profile (from PlayerTag,AvatarId)
ASyncAttachDeviceController.java  POST playjamserver/rest/devices call (== 'CREATE' (C) request)