Not using embedded WebKit (OSX App) to perform oAuth2 - possible? - youtube

I would like to move away from using the provided WebKit for OAuth2 in an OSX App. This means that I'm (AFAIK) restricted to only two Redirect URLs:
1) http://localhost
2) urn:ietf:wg:oauth:2.0:oob
Being on the Mac, I would ideally like to have a redirect URL such as myApp://something, but this is rejected by Google as an "invalid URL" for use as redirect.
(2) is not an option as it requires the user to copy/paste a code from the browser. Yik.
I see I can offer a custom port (so I could write/employ a small HTTP server at some port to answer the callback), but is there an easier way (e.g. the custom URL scheme above would be perfect)?
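
The "small HTTP server at some port" option from the question, as an added example that is not part of the original post: a loopback-only listener that takes one callback and rejects it unless the `state` value matches the one sent in the authorization request. The `/callback` path, the function names and the PKCE parameters are assumptions of this example, as is the provider accepting a 127.0.0.1 redirect on an arbitrary port.

```python
import base64, hashlib, secrets, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

def new_pkce_pair():
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_auth_url(auth_endpoint, client_id, port, state, challenge):
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": f"http://127.0.0.1:{port}/callback",  # assumed path
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{auth_endpoint}?{query}"

class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        params = urllib.parse.parse_qs(url.query)
        state = params.get("state", [""])[0].encode()
        # Accept only our path, with a code, and the state we generated.
        ok = (url.path == "/callback" and "code" in params and
              secrets.compare_digest(state, self.server.expected_state.encode()))
        if ok:
            self.server.auth_code = params["code"][0]
        self.send_response(200 if ok else 400)
        self.end_headers()
        self.wfile.write(b"You can close this window." if ok else b"Rejected.")
    def log_message(self, *args):
        pass  # do not write the authorization code to stderr

def start_listener(expected_state):
    """Bind to the loopback interface only, on a free port chosen by the OS."""
    server = HTTPServer(("127.0.0.1", 0), CallbackHandler)
    server.expected_state, server.auth_code = expected_state, None
    return server

def receive_code(server):
    """Handle exactly one request; return the code, or None if rejected."""
    try:
        server.handle_request()
        return server.auth_code
    finally:
        server.server_close()
```

Start the listener first, read the port from `server.server_address[1]`, then open the URL from `build_auth_url` in the system browser; the verifier from `new_pkce_pair` is sent later with the token request.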

Related

Correct Format of Harvest API OAuth2 Redirect URL in iOS Application

What is the correct format for a redirect URL when authenticating with OAuth2 and the Harvest API from an iOS application?
oauth.com states that a redirect URL for a native application can look like myapp://callback. Problem is, Harvest doesn't accept such a redirect URL. It seems to require prefixing it with http/https, which causes problems when redirecting back to the iOS application at the end of the authentication flow. I don't seem to find anything relevant in the Harvest API documentation.
I have added a URL Type in Xcode where I set the Identifier value to com.example.myapp and the URL Schemes value to MyApp. No matter what redirect URL I specify (given the format mentioned above) in Harvest the authentication flow always complains that Safari cannot open the page because the server cannot be found. I am able to open the app manually with the appname:// URL from the
It sounds like you're looking for the URL to use regarding redirection from a web call. I'm not certain on OAuth2, but on SAML it is something like
https://where you are signing in/SSOpage?RelayState=https://where you are going
I hope this helps get you to your answer.
If anyone else has this issue, the identifier and URL Schemes should not be com.example.myapp and MyApp, respectively. You only need to set the URL Scheme to com.example.myapp

Is it possible to force "https only" in my Back4App app?

When the webhosting option is activated for an app in Back4App, getting a subdomain like http://someapp.back4app.io, if you access someapp.back4app.io http is used by default instead of https.
Regarding this, I only found https://blog.back4app.com/2017/11/09/parse-server-best-practices/ but that speaks only about checking the http/https protocol via JavaScript in every page/function/API endpoint, and redirecting if it's not https, which is quite tedious.
Is there a way to globally redirect any http request to my Back4App pages to https?
I checked with the Back4app's Support Team and, in that case, it's possible to do only on Dedicated Plans. For more info, I kindly ask you to contact them.

iOS - Venmo API integration: Web Redirect URL

I'm trying to register my App on Venmo's developer site so that I can properly use their API, but I'm stuck trying to figure out what the required "Web Redirect URL" field is for. According to the docs, it says it is the following:
Venmo will redirect your users to this address. Must be formatted like
http(s)://www.example.com/example_redirect_url
As far as I could gather this was a URL scheme that would allow Venmo to redirect you back to your app after payment processing was completed on their side, but in researching how to set up a URL scheme the format is something like "[scheme-name]://", not "http://...."
The other thought I had was that this was just a url that contained a server-side or javascript redirect to that aforementioned URL scheme, but that seems like an unnecessary extra step. I also have a few other theories on what it could be, so I'm really just not sure which one it is...
I was running into the same problem. If your website is deployed you can use the redirect that your hosting service provides you. If you're not deployed then you can set it to localhost.
Example: http://localhost:8000/auth/venmo/callback

OAuth Facebook Login in Phonegap returns InvalidHeader error

I'm developing an app using Phonegap and it implements a Facebook login to save some data using the user_id as a reference. I'm using OAuth.io library to implement the login dialog and everything runs smoothly in the web browser and in Android but when I test the app in XCode and I tap the login button the following error appears.
Cannot find hostname in file:/// from static
code: InvalidHeader
message: Cannot find hostname in file:/// from static
My guess is that it has something to do with phonegap not making an external request since the app is not actually hosted in a domain but running locally... any thoughts?
Seems like you are using oauth.js library instead of phonegap version
In your main page "index.html" add reference to the correct js file
<script src="oauth-phonegap.js"></script>
Then follow the instructions here to build your application
I had a similar issue using oauth.io. Turns out it was my Ajax prefilter changing the REQUEST to Facebook (it was adding parameters to the header for each request). Whether this is your issue or not, what you need to do is compare a successful REQUEST to Facebook to an unsuccessful one; that will show you where things go wrong. Alternatively, a blank Phonegap app with no extra code other than the required OAuth code should work and will be a good starting point to isolate your issue.
I used Phonegap 2 years ago. Though I didn't connect to Facebook before, I connected to another website by OAuth. I can show you my solution.
Firstly, you should know how OAuth works. You can read about OAuth 2.0 on the Facebook developer website or other websites.
Secondly, you should know your target: token, uid, expires_time. The most important thing is the token.
Thirdly, just do it. In 2010, I solved this problem by using the Phonegap Childbrowser plugin (now Phonegap has an inAppBrowser) and a light server.
Why should I use a light server? The server can help me handle the redirecting in the OAuth service and do caching.
Step 1: I wrote a script to connect with my server, and my server connects to the OAuth Service (Facebook).
Step 2: The OAuth Service (Facebook) responds and redirects to the Facebook login page.
Step 3: After the username and password are entered, the OAuth Service (Facebook) will redirect to another URL and do a callback with some code or token.
Step 4: If you get the token, save it and use it to connect to the OAuth Service (Facebook) if you want.
When I saw "Cannot find hostname in file:/// from static" in your description, I knew that maybe you got confused about OAuth. Now, I suggest you use some server-side code to handle it and make your OAuth process possible.

Handling an oAuth flow from local HTML files?

I've got a local HTML + Javascript file that consumes a JSON API. I'd like to authenticate users via Facebook, but I'm not sure if that's possible -- does anyone have experience with this? I'm unsure of how the redirect (back from Facebook) would be managed when we're serving from a file:// context.
Just do it! :)
And you'll see.
PS
Maybe you should encode some characters like ":", "/" etc
Unfortunately, it won't work from a file:// context for a couple reasons:
In most modern browsers, Javascript cookies won't work with the file:// protocol, which is how you would probably authenticate your users. This can be solved by hosting the page using http:// from localhost.
In order to log a client in using facebook, you need a registered facebook app, and to register your facebook app, you have to give facebook a static domain where your app will be hosted. This is to ensure that requests for your app come from your domain and not from an attacker residing at a different domain.
Last but not least, because your users have to authorize your app on facebook.com, you also need to specify a redirect url after their successful login, which would be very challenging to circumvent.
It won't work under a file:// context.
As James said, authentication through Facebook requires you to have a hosted web page and also to register your site as a Facebook app; also, Facebook will need to redirect the browser to a so-called "callback" URL, which must be an http:// web page.
You can choose to host your webpage on a local web server instead.
