I'm currently building an electron soundcloud desktop app to learn Electron & ReactJS. I have seen an app use a custom http protocol (link to electron docs) to recieve the callback for getting the authentication token. Today I wanted to register my app on developers.soundcloud.com. The application link sends you to a google form, but the redirect url you need to add here is required to have a http(s)://.
Is it actually possible to request something like this "soundtop://oauth/callback"?
Related
I am trying to build an OSX application using swift and storyboard. I am implementing Google OAuth for the app. Following the google guide https://developers.google.com/identity/protocols/oauth2/native-app#sample-authorization-urls, I am opening a browser with the a loopback authorisation url (i.e. after signing in, it loopbacks to localhost where the url contains authorisation code and other meta data.
To give a better overview of how the authentication workflow works:
User selects authorise button in app
Browser opens up with an url like:
https://accounts.google.com/o/oauth2/v2/auth?
scope=email%20profile&
response_type=code&
state=security_token%3D138r5719ru3e1%26url%3Dhttps%3A%2F%2Foauth2.example.com%2Ftoken&
redirect_uri=http%3A//127.0.0.1%3A9004&
client_id=client_id
The google account chooser and permissions consent screen renders and prompts user to give permission..
Once user gives permission, the page redirects to localhost with the authorisation code or the error (when not permitted). The redirect url looks like:
http://127.0.0.1:9004/?code=auth_code&
scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&
authuser=0&
prompt=consent
So now I want the parameter code in my app. Google document says I have to create an HTTP listener in order to get the parameters. So I want to setup an HTTP listener at that port (9004) and get the params. What HTTP library can I use to solve this problem?
I haven't tried to involve myself with any oauth library for osx and I want to implement myself but if there is a library which solves this problem with limited boilerplate suggest them.
Thanks.
I would recommend the AppAuth framework for macOS and iOS. It takes care of all of this for you, and includes an option to set up an HTTP server on the loopback interface.
I have a NativeScript Angular android app, which i need to integrate with Okta. I was able to successfully integrate my Angular web application with Okta but (As i am not mobile app developer) finding it hard to wrap my mind on how to integrate it with mobile app.
I tried to go through the documentation available at Okta official site(https://developer.okta.com/docs/concepts/auth-overview/#choosing-an-oauth-2-0-flow) it feels like the recommendation is to implement Authorization Code with PKCE for which I would need below:
1.An embedded browser in the mobile app to show Okta login page.
2.Some sort of local server which can receive callback from Okta with auth code and integration of the auth code received in callback with application api service.
Do you think it is right line of thinking?
If yes, how shall i get a web server in mobile app and what would be its address(Would it be localhost?) to receive callback from Okta?
Is there any JavaScript library which can be easily integrated with NativeScript code to do it?
I came across https://github.com/openid/AppAuth-JS but not sure how can i integrate it.
Thanks
You can use the Okta widget and the openAuth method of InAppBrowser plugin to be able to authenticate the users and later redirect to the app again by using deep linking, you can see the example folder of that plugin: https://github.com/proyecto26/nativescript-inappbrowser#usage
We're using this plugin from React Native too and we can get the token from okta after redirect the users through deep linking, it works very well. It's required to deploy the Okta widget in an external domain and register the deep links of your apps (Android/iOS) from Okta, e.g:
${scheme}://${host}/callback (Android)
${scheme}://callback (iOS)
so i have a meteor app, and i'm using facebook login (and google etc) for user authentication.
and i'm using MeteorRider which is basically "hijacking" the DOM from my meteor app, this way i get also a phonegap app.
So when using web and clicking on the facebook login, its working great.
but when using the phonegap app, its not working. its making an ouath call (opening a browser and do all the process but does not automatically close the browser and bring up my app) but then redirect to my app in the browser.
i'm still trying to figure how the two works with each other.
do i need to do this authentication using phonegap api or should i handle it using meteor api?
I use this for any oauth requirements in phonegap. https://github.com/oauth-io/oauth-phonegap
It handles closing of the browser etc.
I just released a package to fix this. It uses the InAppBrowser plugin to load the popup, listens for the auth token, closes the popup and logs in/creates account.
https://atmosphere.meteor.com/package/phonegap-oauth
I'd like to enable users of my app to associate their twitter accounts so that some application interaction is automatically tweeted.
Users can already associate their twitter accounts via the web interface, and I'd like them to be able to do the same from the mobile (iOS) app.
The problem is, when the application is registered as a web app, a callback URL is specified. So when users log into twitter using SA_OAuthTwitterEngine, the response is redirected to that URL, and the callback events on the client never fire.
Can I use SA_OAuthTwitterEngine, and override the callback parameter (nullify it) so that I get the same interaction (PIN) as a desktop client?
For a mobile client, best to use xAuth. Using the pin method is suboptimal for mobile. After all your application isn't a web app.
The new MGTwitterEngine has xAuth support, so switching should be painless :)
I am building a mobile app with jQueryMobile and I intend to deploy it onto iPhone thanks to PhoneGap.
My question is : how can I authenticate myself with Foursquare using the OAuth2 protocol in my jQueryMobile app ? One solution would be to use the useragent flow of OAuth2 but this would force the iPhone to launch Safari and thus not stay within the app. Are there any better solutions than this ?
For an iPhone-based or client-side application like you would have in PhoneGap,
Foursquare recommends one of these methods.
If you have no substantive server code, you can embed a web browser and use the token flow, redirecting the user to a dummy page on your domain. You can then grab the token off of the URL and close the browser. We have sample Android and iOS code for your reference.
If you have a server as part of your application, you can use the server flow above, possibly in an embedded browser. Similar to the Facebook API, you can add display=touch to your authorize or authenticate URLs to get a mobile optimized interface.
An alternative to the above is to use the server flow and an external browser, but redirect to a custom URI handler that brings the user back to our application. You can embed the secret in your application and exchange the provided code for an access token. PLEASE take steps to obfuscate your client secret if you include it in released code, and be prepared to rotate it if needed.
https://developer.foursquare.com/docs/oauth.html
This could probably be handled with the ClientBrowser plugin for PhoneGap or just adapting the sample code they have provided into PhoneGap plugins.
One of the core intentions of OAuth2 is to not allow browserless authentication flow like we did with XAuth in the past. Service providers want consumers to see what permissions they are signing off on, and want control of that process.
I'm not very experienced with Phonegap, as I'm a native developer, but if there's a way of instantiating a UIWebView and showing it to the user, you could at least keep the web interaction 'inside' of the application. Given phonegap is basically showing a UIWebView this should be possible. It is possible to examine the source of the html within a UIWebView using
- (NSString *)stringByEvaluatingJavaScriptFromString:(NSString *)script