In Google+ JS documentation, it says that if a callback function parameter is specified, Google will call that function when auth flow completes.
How would that work? i.e. how does javascript in parent window get access child window (Google Oauth)'s state?
Javascript children windows can call functions in their parent windows. Let's say you specify the function signinCallback(authResult), then the auth window can call parent.signinCallback(authResult) to pass authResult to your main window.
Related
I am using 2 Oauth services in my website. They both send back a query parameter called code. And I use a custom function to grab that code field when my page loads. Do OAuth services have a way you can change that code field to be custom? I am using Google OAuth for one and I am unable to locate this.
No, the standard specifies that the query parameter is named code, so there's no way to name them differently.
But the client can add a state parameter to the authorization request, which the authorization server has to return with the code. You can use that parameter to distinguish between the two authorization requests.
I am currently struggling with security dilemma how to pass securely the OAuth token from parent page in Outlook O365 to dialog window. According to Microsoft documentation there are only two ways how to achieve that:
localStorage
query parameter
What I don't understand why Microsoft has a methods(*) for communication from dialog to parent page and not from parent page to dialog?
*
from documentation:
dialog.addEventHandler(Office.EventType.DialogMessageReceived, processMessage);
dialog.addEventHandler(Office.EventType.DialogEventReceived, processMessage);
So my questions are:
Is there any way how to pass the OAuth token from parent page to dialog with the internal methods of Office JS?
Why Microsoft has developed only one way communication between parent page and dialog?
Edit:
I refer the parent page as a New Meeting window in Outlook and as a dialog I refer the dialog as iFrame (Office.context.ui.displayDialogAsync()). I have skipped the taskpane step and firing up the dialog directly when the addin button is clicked. My intention is to send the OAuth (bearer) token from parent page (since user is already validated to access O365 mailbox) to dialog.
As Rick noted, the data can be passed from parent to dialog by localStorage or query parameter. But my question is why Office JS Api is missing the methods for communication from parent to dialog (when the opposite way has methods for that).
There are three actors that need to be kept distinct: The dialog, the parent page (usually in a taskpane), and the Office host application (e.g., Excel, Word, etc.). The current wording of your question makes it difficult to discern which two actors you are talking about. The parent page can pass things, including tokens if that's ever required, to a dialog with query parameters or local storage. But ordinarily you would use a dialog to get an access token and pass the token in the other direction, from dialog to parent page. You do this using the messageParent API.
When you refer to the "host" in your question are you talking about the parent page (probably in a taskpane)?
EDIT:
OK. I think I understand the question now. You are asking for an API in Office.JS that can be called in the parent page and sends info to a PREVIOUSLY OPENED dialog. We've gotten requests for that and you can vote up the request here on Office Developer User Voice. However, I can't give a timeline about when such an API will be available. In the meantime, the only way I know of to communicate from parent page to an already opened dialog is to use LocalStorage. Search for "how to communicate between windows using local storage?" and you'll find info on techniques for doing this.
I know it's an old question, but maybe there are people reading this nowadays.
With regard to your question about ways of communication from parent page to dialog: you could pass information from parent page to dialog using the Office API's messageChild method as described here.
We are creating a custom dynamic sap Fiori/SAPUI5 application tile in our launchpad. It seems like you just need to put the odata service call with a $count for the dynamic tile to show list of pending items. For example
/MyListSet/$count
will output 100 pending items
But what if we want to check if the user has authorization to items in the list? I'm considering putting something like
/MyListSet('USER')/$count
but this doesn't seem to be possible as the USER is unknown until runtime.
Is there a way to get the logged user calling the OData service and pass this user to our OData call via RFC and filter the result from there?
The user should already be authenticated with the system if he sees your app/launchpad.
I would suggest that you use the sy-uname system variable and filter your entityset before responding to frontend.
This should not be implemented in SAPUI5 instead use the ABAP Gateway service.
In my Web Application I have jqGrid and other struts2 jquery plugins , now what i want is to have have a global error handler function that will redirect to my index page if error occurs any idea how can I implement this functionality.
You can use Interceptor to manage your exception on application level. Also see this document for exception-handling in struts.
You can also use global-results to fulfill your needs
If you handle exceptions by redirecting to index page it will only behave in desired manner when request are generated by browser directly rather than Javascript asking browser to generate request using Ajax. e.g. by clicking on anchor tag or directly accessing application through URL. In these conditions only you will get redirect to index page.
Ajax is used to send data to, and retrieve data from, a server asynchronously (in the background) without interfering with the display and behavior of the existing page on client side. Javascript responsible for calling Ajax has to handle response from server. So you have to manually trigger redirect. Have a look at this related Question.
I am writing a web application using server-side authentication, and I've been trying to figure out a way to leverage Facebook's Javascript SDK in my application.
The documentation for FB.init defines the optional authResponse parameter as something used to "Manually set the object retrievable from getAuthResponse". It also states that once obtained, an application may store the entire authResponse object for future access. This may work if an application uses FB.login, the Javascript SDK's authentication, but what about an app using server-side authentication?
Server-side authentication enables my app to obtain a user's access token, the most crucial piece of information needed for graph API calls. I would hope that this access_token alone would be enough to construct a valid authResponse object to use to authenticate to use with the Javascript SDK.
Merely calling FB.init (with valid appID, channelUrl, and other parameters) with an authResponse containing a valid "accessToken" field is not sufficient. Including the userId is also insufficient. Ideally, these parameters alone would work. The only others defined for the authResponse are 'expiresIn' and 'signedRequest'. Which, if either, of these parameters would be sufficient to generate a valid authResponse object? To what values must they be assigned?
I managed to dig up this description of a 'signedRequest':
https://developers.facebook.com/docs/authentication/signed_request/
This document raises a number of questions. I assume that the signature is produced by a symmetric algorithm. If not, then generating it would not be possible. Assuming it is possible, the description of the payload is in no way specific. There is a list of 9 parameters, none of which are labeled as required.
Like CBroe says, you shouldn't be passing anything manually. You start with a call to FB.getLoginStatus and pass your javascript handler as an argument to this method. You will have the authResponse returned back from the getLoginStatus call.
You can, of course, in theory pass the access_token param around to any FB.api call e.g. /me?access_token=blah_blah, where blah_blah is the string you have but again, this is not required and you are better off delegating this to the response handlers.
Be very careful when using the javascript sdk and server side authentication for access token generation/extension/verification. You end up maintaining two separate code paths and end up making the same call to Facebook over and over again. Even if you are storing the access token on your side, would be always better to pick one approach that works best for you, rather than having a server side call to get access token and a client side call to FB.api to use the access token.
There is a solution for that. I didn't think that it's so easy.
FB.api('/me?access_token={{ access_token }}', function (me) {
console.log(me); //do anything with me
});
So you didn't need to set an Objekt Variable in FB before -
simply add the access_token as parameter with your request.