OAuth2 Redirect URL Question


Post by vikkysingh » Thu Oct 26, 2023 2:26 pm

Hi All

Read the notes on oauth2 in 10.0 DP6 and I could prepare the following button script for Google authentication using OAuth2.

In the "Client ID for Web application" page over at Google API portal, I've kept the Auth. Redirect URL empty.


My Button Script:

[indent]on mouseup

   constant kAuthURL = "https://accounts.google.com/o/oauth2/auth"
   constant kTokenURL = "https://oauth2.googleapis.com/token"
   constant kClientID = "274593072165-oiud666u9j7vbquu.apps.googleusercontent.com"
   constant kClientSecret = "com.googleusercontent.apps.2745662165-8t8266kig5qjbacj4"
   constant kScopes = "https://www.googleapis.com/auth/userinfo.email"

   if the environment is "mobile" then
      OAuth2 \
            kAuthURL, \
            kTokenURL, \
            kClientID, \
            kClientSecret, \
            kScopes, \
            "in.tal3ic.tal3ic://tal3ic"
      //assume tal3ic.in is my website, and I have also added tap3ic in the CustomURL field in Standalone Settings for iOS
   end if

   put the result into tres
   answer tres
   if tres is not empty then
      answer error "Not authorized!"
   else
      //<retrieve email id via JSON from API endpoint>
   end if

end mouseup[/indent]


Is this a proper approach for iOS? Especially the Authorized Redirect URL.

Many thanks in advance.

Vikram


Post by stam » Thu Oct 26, 2023 3:25 pm

Hi Vikram
I presume you're really asking about the "in.tal3ic.tal3ic://tal3ic" part of your script - that seems quite strange to me, but I really can't speak to that, perhaps wiser minds can answer.

As far as I can see, you DO need to provide a port number for the uri:
In order to handle the redirect the library accepts socket connections on localhost on a configurable port. The redirect uri configured when setting up your application with the web service should be http://127.0.0.1:port where port is the port that can be configured with the port parameter. It is recommended to use the range 49152-65535.
This is the example given in the dictionary, which should present an authorisation dialog:

Code: Select all

OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, 54303

It's not mentioned that iOS should be different in the Dictionary (but that may well be the case, I can't say).

As a general point, you'll probably want the constants outside of any specific handler, at the top of the script so they can be accessible to any handler in the script, i.e.

Code: Select all

constant kAuthURL = "https://accounts.google.com/o/oauth2/auth"
constant kTokenURL = "https://oauth2.googleapis.com/token"
constant kClientID = "xxxxxxxxxx.xxxxxxxxxxx"
constant kClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
constant kScopes = "https://www.googleapis.com/auth/userinfo.email"

on mouseUp
   OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, <PORT NUMBER>
   If the result is not empty then
      answer "Authorisation failure:" && the result
   else
      ### process the JSON in the it variable ###
   end if
end mouseUp

PS: As I'm sure others will tell you, please enclose your code using the code tag button </> (the 5th from the left), it makes it much easier for people to read and copy your code. Or, replace your 'indent' tags, which don't exist in this forum, with [ code][/code] tags.
And don't share your private keys ;)


Post by vikkysingh » Thu Oct 26, 2023 5:00 pm

Thanks - noted! The keys are trimmed/truncated, but of course a bad idea.

From the latest version of the dictionary:

The redirect URI configured when setting up your application with the web service for desktop should be http://127.0.0.1:port/ where port is the port that can be configured with the pPortOrRedirectURI. On mobile platforms use a reverse domain name based custom uri scheme such as com.example.myapp://myapp where com.example is a domain that you control.

So they have given an example of the custom uri scheme.
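
The dictionary guidance quoted in this thread, written as a pre-flight check on the value passed as pPortOrRedirectURI. This is an added example, not code from the posters or from the LiveCode OAuth2 library; redirectTargetProblem, its parameters and the sample calls are hypothetical, and it checks only the shape of the value (the same URI still has to be registered with the provider, and the check does not prove control of the domain).

```livecode
-- Added example: redirectTargetProblem and its parameters are hypothetical names.
-- Returns empty when pTarget has the shape the dictionary describes, else a reason.
function redirectTargetProblem pTarget, pOwnedDomain
   local tSchemeEnd, tScheme, tReversed, tIndex
   -- Desktop form: a bare port, used as http://127.0.0.1:port/
   if pTarget is an integer then
      if pTarget < 49152 or pTarget > 65535 then
         return "port" && pTarget && "is outside the recommended range 49152-65535"
      end if
      return empty
   end if
   -- Mobile form: <reverse domain>.<app>://<path>
   put offset("://", pTarget) into tSchemeEnd
   if tSchemeEnd < 2 then return "neither a port number nor a scheme://path URI"
   put toLower(char 1 to (tSchemeEnd - 1) of pTarget) into tScheme
   -- RFC 3986 scheme syntax: a letter, then letters, digits, "+", "-" or "."
   if not matchText(tScheme, "^[a-z][a-z0-9+.-]*$") then
      return "scheme contains characters that are not valid in a URI scheme"
   end if
   if tScheme is among the items of "http,https" then
      return "web scheme given where a custom URI scheme is expected"
   end if
   -- Reverse the owned domain: example.com becomes "com.example."
   set the itemDelimiter to "."
   repeat with tIndex = the number of items of pOwnedDomain down to 1
      put toLower(item tIndex of pOwnedDomain) & "." after tReversed
   end repeat
   -- The trailing "." stops com.example from matching com.examplefoo
   if not (tScheme begins with tReversed) then
      return "scheme does not start with" && tReversed
   end if
   if the number of chars of tScheme <= the number of chars of tReversed then
      return "scheme has no app label after the reversed domain"
   end if
   return empty
end function

on mouseUp
   local tMobile, tDesktop, tForeign
   -- Constructed sample inputs: the URI from this thread, the dictionary's example port,
   -- and a made-up scheme that does not belong to the owned domain
   put redirectTargetProblem("in.tal3ic.tal3ic://tal3ic", "tal3ic.in") into tMobile
   put redirectTargetProblem(54303, "tal3ic.in") into tDesktop
   put redirectTargetProblem("com.other.app://cb", "tal3ic.in") into tForeign
   answer "mobile:" && tMobile & return & "desktop:" && tDesktop & return & "foreign:" && tForeign
end mouseUp
```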


Post by vikkysingh » Thu Oct 26, 2023 5:13 pm

Question is how would one establish that one owns the domain? Perhaps from the Auth. JavaScript origin field.