I'm having trouble authorizing a merchant in the Square OAuth flow and am using AFNetworking 2.0 in Objective-C. I called the method 'openURL' which brought up the Square log in page. From here I can log in as a merchant, but then it never returns to the app. Recommendations and code examples on what I need to do to get this to work would be much appreciated as I am very lost here. Thanks in advance!
OPEN URL Call
The 'openURL' call successfully redirects the user to 'https://connect.squareup.com/oauth2/authorize' with the Client ID and Redirect URL on Safari. After logging in and pressing "Allow" for the permissions, it doesn't jump back to the app. The code I tried follows:
NSString *urlString= #"https://connect.squareup.com/oauth2/authorize";
NSString *clientID = #"client_id=[CLIENT_ID]";
NSString *responseType = #"response_type=code";
NSString *fullURL = [NSString stringWithFormat:#"%#?%#&%#", urlString, clientID, responseType];
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:fullURL]];
I am thinking it may have something to do with the URLSchemes and URL identifier. Should the "Redirect URL" on the Square portal be the same as the URL Scheme or the URL identifier? I tried both and it didn't work.
As an example, would the following values in my Info.plist be correct? My URL Schemes single item is "iostestapp" and my URL identifier is "com.name.iostestapp". The "Redirect URL" in the Square portal is "https://com.name.iostestapp".
Is something else besides the code I provide needed? I've been seeing a lot about handlers concerning OAuth online but don't see that in the Square docs.
It is necessary for the user to authorize your developer application to access their data via the API. In order to do so, you must guide the user through the Square provided Oauth flow. It is not sufficient to programmatically perform a GET request to this URL. You must guide the user through the oauth flow in a web browser.
You can present the Oauth flow to your users by opening a web page with the following URL: https://connect.squareup.com/oauth2/authorize?client_id=CLIENT_ID. The CLIENT_ID is the application identifier that you were provided when you registered your developer application in the Square developer portal. The developer portal is located at https://connect.squareup.com/apps. In the developer portal, you must also specify an oauth redirect_uri. After the user has authorized your application, they will be redirected to the redirect_uri that you specify with either an access token or a single use code (that can be exchanged by you for an access token.)
Also, please note that when you create an application in the developer portal, we provide you with a "personal access token" that you can use to perform API calls on behalf of your own user and test out the API.
Related
I'm trying to setup Wechat oauth login.
I have verified international account ("subscription" type), but an example from documentation doesn't work for my appid
https://open.weixin.qq.com/connect/qrconnect?appid=wx13243a5b6496168e&redirect_uri=http://foo.bar/baz&response_type=code&scope=snsapi_login
Scope 参数错误或没有 Scope 权限
I guess this may be because of "subscription" type, but there were no such options during a registration process.
What should I do to enable WeChat oauth for my site?
for anyone who tries to do the OAuth with wechat in swift, you can follow this link here to start with SDK integration, then this link to integrate OAuth. i post it here because the above link you provided has expired.
the error message above basically means you didn't specify the scope of your request. the second link has it.
// Build a SendAuthReq structure
SendAuthReq* req =[[[SendAuthReq alloc]init]autorelease];
req.scope = #"snsapi_userinfo";
req.state = #"123";
// The third party sends a SendAuthReq message structure to the Weixin platform.
[WXApi sendReq:req];
In my app I'm integrating OAuth2.0 library for vimeo upload. I'm getting error as invalid redirect uri after user log into his account.
My code,
self.oauthClient = [[LROAuth2Client alloc] initWithClientID:#"**** client ID ****"
secret:#" * secret * " redirectURL:[NSURL URLWithString:#"testMyApp://oauth"]];
In the plist i have given "testMyApp" as string in url schemes.
is this the right way to specify redirect uri? please help!
Your redirect url must 100% match the url configured on the developer site.
If your user is redirected to testMyApp://oauth your configured redirect url must be exactly testMyApp://oauth
The 3 pieces of information that you pass back to the Vimeo API (redirect_uri, code, grant_type) must be form URL encoded body parameters.
If they're being passed as query parameters, for example, the request will fail and return the error you're seeing.
For the Vimeo API to allow for your redirect, you have to register it for your app with the developer site. When it is registered there you are able to use it when you specify the redirect.
The plist scheme registration only notifies iOS that you can handle the scheme; Vimeo is unaware that it's a valid thing to redirect to for your app without this step.
The redirect url in the developer site must exactly match with the one in your application authentication request. I faced the same problem because of difference in the redirect url. But I fixed that and its working.
Developer site redirect url:
My app's request url:
https://api.vimeo.com/oauth/authorize?redirect_uri=vimeo608e5e6ffab5f7d2b567443f57684fdae8f8cb1c://auth&response_type=code&state=aee5252c-963c-4146-8358-a423326dd03c&scope=private%20public%20create%20edit%20delete%20interact&client_id=608e5e6ffab5f7d2b557443f57684fdae8f8cb1c
the value of the key redirect_url in above request is exact to the developer site. Please feel free to comment..
In my case, I had forgotten to enable implicit authentication and was getting the missing redirect_uri message.
I'm curious if there is a way to safely pass content between apps on iOS. The ultimate goal is to implement oauth between two ios apps.
Since apps are not guaranteed to have unique url schemes, this option is out.
I have considered using keychain groups, but do not have experience with this. It looks like an app needs to specify exactly which apps can access the keychain items.
Are there any other options? Is there some sort of identifier (such as android bundle ID) that can be used to verify the apps during a request?
You can use URL schemes for this.
The basic process
You'll have a ServerApp and many ClientApps. The ServerApp listens to an URL-scheme like serverapp://. The client then can make a call to the server to ask it for authentication. The client has to implement an URL-scheme too. E.g. ClientAppOne implements the URL scheme clientapp1://. The server takes as parameter a backlink to the client app. E.g. the client calls the URL serverapp://auth?back=clientapp1%3A%2F%2Fserverapp-auth (here the backlink is clientapp1://serverapp-auth and has been urlencoded).
The server then checks the users identity, asks him for permission, password, etc. and then uses the backlink to provide the data. How the backlink works exactly is application specific, but you usually need at least 2 parts: an access token and a username. E.g. a backlink will then be clientapp1://serverapp-auth?success=1&token=fi83ia8wfzi3s8fi8s3f8si8sf&user=robert or maybe in case of error clientapp1://serverapp-auth?success=0&errno=421. The client then needs to verify the accesstoken through some public (or private) API, e.g. https://serverapp.example.com/userdetails?apikey=fai83jw93fj93389j&token=fi83ia8wfzi3s8fi8s3f8si8sf. The server will return some structured response.
Necessary components
an URL scheme on the server App
an URL scheme on each client App
an SDK that is to be included into each client app and that handels the details of authentication, and a standard UI component (e.g. facebook has a standard button that says "login with facebook", so the ServerApp needs some re-recognizable button that says something like "login with ServerApp")
a server that provides services that can be accessed through the access token.
a defined API that explains how the client has to communicate with the server
an SDK to be included into the client that handels such client-server-communication (should be part of the SDK mentioned in component 3.)
maybe a wiki that documents all of the steps above, so that you and other developers dont lose track
a way to invalidate access tokens, and a way for the client to detect if an access token has been invalidated. furthermore, if the user changes his password, all access tokens should be invalidated.
Random notes
in your client app you can check if the serverapp is installed by calling [[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:#"serverapp://auth"]].
the URL schemes should be sufficently collission-free. These URLs are never seen by users, only by developers, so they don't have to be beautiful. You can e.g. append the iTunes-Connect-App-ID to your URL-scheme, like serverapp1234567://. This will greatly reduce the possibility that someday some other app will use the same URL scheme.
Only for internal use i need to display the content of our dropbox folder in a tableview inside our app without show for the login screen and handle back the authentication url.
In all the example i've found only the reference to
#import <DropboxSDK/DropboxSDK.h>
DBSession *dbSession = [[DBSession alloc]
initWithAppKey:#"INSERT_APP_KEY"
appSecret:#"INSERT_APP_SECRET"
root:INSERT_ACCESS_TYPE]; // either kDBRootAppFolder or kDBRootDropbox
[DBSession setSharedSession:dbSession];
and after tha the authentication is handle as url call back from the web page of dropbox.
but there is a way of handle the different part to the autenticantion and keep them in code?
May be could be easily handle with direct api call ?
In the dropbox "app console" i've found a "Generated access token" but i'm not understand how to use.
Thanks for your help and for your time.
The Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/security .) In the iOS Core SDK you'd need to use:
- (void)updateAccessToken:(NSString *)token accessTokenSecret:(NSString *)secret forUserId:(NSString *)userId;
Again though, this isn't a good idea. Since this would be a client-side app, any malicious user of your app could extract the access token and use it to bypass any access restrictions your app attempted to enforce. For example, they could access content they shouldn't or add or replace content with a malicious payload that other users would access.
Unless Dropbox changed their API recently, the user must manually supply a username / password. This can be done by popping out to the Dropbox app or using a Dropbox web view. You can not programmatically supply a default username / password.
Beginner programmer here, please pardon ignorance & explanations will be really nice :)
I've tried to read the tutorials for a certain OAuth 2.0 service, but I don't understand this redirect URI... in my particular context, let's say I'm trying to build an iPhone app that uses OAuth 2.0 for some service. I have an App ID that was generated, but i need to provide some sort of redirect URI to generate the API key.
Is this a URL that I'm supposed to host somewhere myself?? As the name suggests, I would think that the redirect URL is supposed to "redirect" someone somewhere. My only guess is that it's the URL a user is redirected to after they log in to the service.
However, even if that assumption is correct, I don't understand one other thing - how can my app be opened again after I've sent them to the browser for the user login?
Read this:
http://www.quora.com/OAuth-2-0/How-does-OAuth-2-0-work
or an even simpler but quick explanation:
http://agileanswer.blogspot.se/2012/08/oauth-20-for-my-ninth-grader.html
The redirect URI is the callback entry point of the app. Think about how OAuth for Facebook works - after end user accepts permissions, "something" has to be called by Facebook to get back to the app, and that "something" is the redirect URI. Furthermore, the redirect URI should be different than the initial entry point of the app.
The other key point to this puzzle is that you could launch your app from a URL given to a webview. To do this, i simply followed the guide on here:
http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
and
http://inchoo.net/mobile-development/iphone-development/launching-application-via-url-scheme/
note: on those last 2 links, "http://" works in opening mobile safari but "tel://" doesn't work in simulator
in the first app, I call
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:#"secondApp://"]];
In my second app, I register "secondApp" (and NOT "secondApp://") as the name of URL Scheme, with my company as the URL identifier.
Take a look at OAuth 2.0 playground.You will get an overview of the protocol.It is basically an environment(like any app) that shows you the steps involved in the protocol.
https://developers.google.com/oauthplayground/
redirected uri is the location where the user will be redirected after successfully login to your app. for example to get access token for your app in facebook you need to subimt redirected uri which is nothing only the app Domain that your provide when you create your facebook app.
If you are using Facebook SDK, you don't need to bother yourself to enter
anything for redirect URI on the app management page of facebook. Just setup a
URL scheme for your iOS app.
The URL scheme of your app should be a value "fbxxxxxxxxxxx" where xxxxxxxxxxx is
your app id as identified on facebook.
To setup URL scheme for your iOS app, go to info tab of your app settings
and add URL Type.