We have moved to a new Sailfish OS Forum. Please start new discussions there.
5

How to use oauth2 and redirect url?

asked 2017-10-10 21:59:49 +0200

hsjpekka gravatar image

updated 2017-10-13 01:35:50 +0200

Hi, I'm planning to write an Untappd-application. Untappd uses oauth2 and redirect url (https://untappd.com/api/docs#authentication) in authentication. How to define the redirect url? I've understood that in android the redirect url would be something like applicationName.untappd.com, and that the url must be registered. Is it similar in sailfish also? If so, how do I register an url, and is there some other url scheme I should use? Or am I totally lost about it?

edit retag flag offensive close delete

5 Answers

Sort by » oldest newest most voted
3

answered 2017-10-14 01:12:08 +0200

umko gravatar image

updated 2017-10-17 23:52:58 +0200

The redirect url in OAuth2 is there to make sure that after the resource owner (user, RO) has successfully authenticated to the authorization server (AS), the AS redirects the browser to this URL with a query parameter containing the token. The idea is that after you register your redirect uri (that is really in your control) in the AS, then your app should watch out for this browser redirect to this exact uri and extract the token from the query parameter when the request comes to it.

In other words, the redirect from the browser (view) has to come to your app specifically and none other. That is why you have to register it. It makes full sense when you have a server app. Then you have control over an URL, you get a request to that URL with the token in a parameter, your implementation then extracts it and you are fine.

It is much more tricky when you have a mobile client app.

This was the theory.


Update.

Looked a bit futher, and here is what pycage mentioned in a relevant discussion:

having the SilicaWebview watch the uri property and react to it in the onUriChanged signal handler, if the redirect_uri matches the one I'm expecting. https://lists.sailfishos.org/pipermail/devel/2014-February/003425.html

And here is the code: https://github.com/pycage/cargodock/blob/dd4dbb32c05922cf713eeb49416d2aa3526fe95f/src/dropboxapi/dropboxapi.cpp

My position is that using a WebView is not at all a good OAuth2 practice. Instead a normal browser should be used (as Android has now implemented and enforced) but I do not think there is app support for handling the redirect in a browser in SailfishOS. So... :)

edit flag offensive delete publish link more

Comments

Great. Thanks.

hsjpekka ( 2017-10-23 20:19:08 +0200 )edit
1

answered 2017-10-13 14:35:37 +0200

rgrnetalk gravatar image

updated 2017-10-13 19:08:57 +0200

You could check github (for sailfish} apps that use oauth. An example is notekeeper (qt, n9 app) that uses oauth.

edit flag offensive delete publish link more

Comments

That's something I feared I should do. Thanks for the link.

hsjpekka ( 2017-10-15 19:34:43 +0200 )edit
1

answered 2018-01-04 09:50:52 +0200

Magog gravatar image

updated 2018-01-04 09:52:15 +0200

First of all: you can see how it works in untapped application which there is in store. There are some ways I have found:

1) Using embeded webview and parse urls in onUrlChanged. But it isn't working if your service gives possibility to authorize via social networks, for example via google.

2) Using embeded http server and use redirect_uri like this: localhost:port://auth_completed. In this case you can authorize via default browser

In my getpocket client I use both ways because getpocket gives 3 ways to authorize app: getpocket, firefox, google. Getpocket and google use the second way and getpockete and firefox - use the first one.

I try to implement working uri scheme for my app via desktop file but it doesn't work from browser.

edit flag offensive delete publish link more
0

answered 2018-01-01 23:25:25 +0200

hsjpekka gravatar image

Seems to be so that the URL can be any string. I tried "oo://aa" as the callback url, and it worked.

edit flag offensive delete publish link more
0

answered 2018-01-02 00:22:42 +0200

pigg gravatar image

You could look at the oauth library here https://github.com/pipacs/o2. I includes a http server in the app, so you can redirect back to localhost and it parses the response for you. I just used it to add Strava support to an app, and it worked a treat.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
4 followers

Stats

Asked: 2017-10-10 21:59:49 +0200

Seen: 5,286 times

Last updated: Jan 04 '18