Handling an oAuth flow from local HTML files? - oauth

I've got a local HTML + Javascript file that consumes a JSON API. I'd like to authenticate users via Facebook, but I'm not sure if that's possible -- does anyone have experience with this? I'm unsure of how the redirect (back from Facebook) would be managed when we're serving from a file:// context.

Just do it! :)
And you'll see.
PS
Maybe you should encode some characters like ":", "/" etc

Unfortunately, it won't work from a file:// context for a couple reasons:
In most modern browsers, JavaScript cookies won't work with the file:// protocol, which is how you would probably authenticate your users. This can be solved by hosting the page using http:// from localhost.
In order to log a client in using Facebook, you need a registered Facebook app, and to register your Facebook app, you have to give Facebook a static domain where your app will be hosted. This is to ensure that requests for your app come from your domain and not from an attacker residing at a different domain.
Last but not least, because your users have to authorize your app on facebook.com, you also need to specify a redirect URL after their successful login, which would be very challenging to circumvent.

It won't work under a file:// context.
As James said, authentication through Facebook requires you to have a hosted web page and also to register your site as a Facebook app; also, Facebook will need to redirect the browser to a so-called "callback" URL, which must be an http:// web page.
You can choose to host your webpage on a local web server instead.

Related

What redirect URL to use when logging in with GitHub with OAuth2?

I'm new to the iOS SDK and to English, so sorry for my English.
I'm trying to do authentication through GitHub using OAuthSwift.
In the registration of the application (https://github.com/settings/apps), a redirect URL is needed. In the tutorial from raywenderlich.com there was an example where they did authorization through Google. They wrote a unique domain in this line that does not work: com.raywenderlich.Incognito. And in Info.plist, we added a URL scheme with com.raywenderlich.Incognito, so that (as I understood it) when we go to this address after authentication, we get back into our application. But if you try to add, in the application settings (https://github.com/settings/apps), a redirect URL like com.raywenderlich.Incognito, it will generate an error, because GitHub wants the URL to be valid. If we put a valid URL there, then when we are redirected to this address, we will simply go to it and will not return to the application.
I would be grateful for any help.
Sorry for my English.
The redirect URL in OAuth is the URL that the authentication provider navigates to when authentication is successful.
For mobile apps it is the link that launches the app (a sort of deep linking).
For websites it is the website home screen.

iOS - Venmo API integration: Web Redirect URL

I'm trying to register my App on Venmo's developer site so that I can properly use their API, but I'm stuck trying to figure out what the required "Web Redirect URL" field is for. According to the docs, it says it is the following:
Venmo will redirect your users to this address. Must be formatted like
http(s)://www.example.com/example_redirect_url
As far as I could gather this was a URL scheme that would allow Venmo to redirect you back to your app after payment processing was completed on their side, but in researching how to set up a URL scheme the format is something like "[scheme-name]://", not "http://...."
The other thought I had was that this was just a url that contained a server-side or javascript redirect to that aforementioned URL scheme, but that seems like an unnecessary extra step. I also have a few other theories on what it could be, so I'm really just not sure which one it is...
I was running into the same problem. If your website is deployed you can use the redirect that your hosting service provides you. If you're not deployed then you can set it to localhost.
Example: http://localhost:8000/auth/venmo/callback

Multiple OAuth redirect URIs for Dropbox Datastore API?

I wonder how the OAuth 2.0 redirect URI works. The App console over at Dropbox allows me to add multiple URLs, so what I really wonder is: do I need to add every URL that needs access to the API?
A small example:
At the page index.html the user is prompted to connect to Dropbox; when connected, the user is sent to app.html, where the app itself is. What should the redirect URI then be: index.html, app.html, or both?
You don't have to register each URL from which you access the API, just the one that the user is redirected back to after authorizing the app. Generally you'll only have one of these in production, but you might also use a localhost URL during development.

Instagram API: how can I have multiple redirect_uris for a single app?

I'm quite familiar with OAuth 2 for other providers, but haven't used it for Instagram before.
Like many developers, I have multiple domains where my app may run, eg:
http://www.foo.com/oauth2callback
https://www.foo.com/oauth2callback
http://localhost:3000/oauth2callback
https://localhost:3000/oauth2callback
Other OAuth 2 providers I have used, eg, Google, allow multiple entries in a redirect_uris parameter.
However Instagram only seems to allow a single Redirect URI parameter per registered app.
Can I have multiple redirect URIs for a single Instagram app or do I have to register multiple apps, each with a different redirect URI?
With Instagram apps that I have created, I have created a separate app per place I want to redirect to, although I haven't discriminated by ssl. I then load the api credentials into the app based on the environment it is running in.
It is a pain that you have to do that, as Instagram also restrict you to 5 registered apps per account too. It would be useful to be able to register multiple redirects for that reason. But on the other hand, it would be just as good, for me, to not be restricted to the number of apps you can create (I've got more Twitter apps than I even remember creating!).
It looks like now you can set multiple Redirect URL(s) when you register/edit a Client in Instagram:
I think this is one of those scenarios that you feel back in the Atari.
anyway, I found useful doing this one:
edit your hosts file (in unix based OS: /etc/hosts)
make sure you add a line like this:
127.0.0.1 registeredomain.com
Where registeredomain.com is the domain you have in instagram as your production return uri.
In this way your app will return uri to registeredomain.com that is equivalent to localhost in your local machine, accepting the login.
btw: why? why? why? why instagram, why you have to force one return uri? any reason for that?
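
Added example, not part of any of the answers above: a simplified model of the exact-match check a provider applies to the redirect_uri, which shows why the http, https and localhost variants each need their own registration and why a file:// page cannot be the callback. The function names and sample URIs are illustrative assumptions; real providers may apply additional rules.

```javascript
// Simplified model of a provider's redirect_uri check (added example).
// Compares normalised absolute URIs with no prefix or wildcard matching.
// All URIs and names here are constructed for illustration.

// Parse an absolute URI; return null if it cannot be a redirect target.
function parseRedirect(uri) {
  let u;
  try {
    u = new URL(uri);
  } catch (e) {
    return null; // relative or malformed
  }
  if (uri.includes('#')) return null; // fragments are not allowed
  if (u.username !== '' || u.password !== '') return null; // no userinfo
  return u;
}

// Decide whether `requested` is acceptable for an app's registered list.
function checkRedirectUri(registered, requested) {
  const req = parseRedirect(requested);
  if (req === null) {
    return { ok: false, reason: 'not an absolute URI without fragment' };
  }
  if (req.protocol === 'file:') {
    return { ok: false, reason: 'file:// is not a hosted page' };
  }
  const parsed = registered.map(parseRedirect).filter((r) => r !== null);
  // Scheme, host, port, path and query must all agree, so the http and
  // https variants of one callback are two separate registrations.
  if (parsed.some((r) => r.href === req.href)) {
    return { ok: true, reason: 'exact match' };
  }
  const sameHost = parsed.some((r) => r.hostname === req.hostname);
  return {
    ok: false,
    reason: sameHost
      ? 'host registered, but scheme, port or path differs'
      : 'host not registered',
  };
}

// Constructed registration, modelled on the URIs listed in the question.
const REGISTERED = [
  'https://www.foo.com/oauth2callback',
  'http://localhost:3000/oauth2callback',
];

console.log(checkRedirectUri(REGISTERED, 'http://www.foo.com/oauth2callback'));
```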

What's a redirect URI? how does it apply to iOS app for OAuth2.0?

Beginner programmer here, please pardon ignorance & explanations will be really nice :)
I've tried to read the tutorials for a certain OAuth 2.0 service, but I don't understand this redirect URI... in my particular context, let's say I'm trying to build an iPhone app that uses OAuth 2.0 for some service. I have an App ID that was generated, but I need to provide some sort of redirect URI to generate the API key.
Is this a URL that I'm supposed to host somewhere myself?? As the name suggests, I would think that the redirect URL is supposed to "redirect" someone somewhere. My only guess is that it's the URL a user is redirected to after they log in to the service.
However, even if that assumption is correct, I don't understand one other thing - how can my app be opened again after I've sent them to the browser for the user login?
Read this:
http://www.quora.com/OAuth-2-0/How-does-OAuth-2-0-work
or an even simpler but quick explanation:
http://agileanswer.blogspot.se/2012/08/oauth-20-for-my-ninth-grader.html
The redirect URI is the callback entry point of the app. Think about how OAuth for Facebook works - after end user accepts permissions, "something" has to be called by Facebook to get back to the app, and that "something" is the redirect URI. Furthermore, the redirect URI should be different than the initial entry point of the app.
The other key point to this puzzle is that you could launch your app from a URL given to a webview. To do this, I simply followed the guide on here:
http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
and
http://inchoo.net/mobile-development/iphone-development/launching-application-via-url-scheme/
note: on those last 2 links, "http://" works in opening mobile safari but "tel://" doesn't work in simulator
in the first app, I call
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"secondApp://"]];
In my second app, I register "secondApp" (and NOT "secondApp://") as the name of URL Scheme, with my company as the URL identifier.
Take a look at the OAuth 2.0 playground. You will get an overview of the protocol. It is basically an environment (like any app) that shows you the steps involved in the protocol.
https://developers.google.com/oauthplayground/
The redirect URI is the location where the user will be redirected after successfully logging in to your app. For example, to get an access token for your app in Facebook you need to submit a redirect URI, which is nothing but the app domain that you provide when you create your Facebook app.
If you are using Facebook SDK, you don't need to bother yourself to enter
anything for redirect URI on the app management page of facebook. Just setup a
URL scheme for your iOS app.
The URL scheme of your app should be a value "fbxxxxxxxxxxx" where xxxxxxxxxxx is
your app id as identified on facebook.
To setup URL scheme for your iOS app, go to info tab of your app settings
and add URL Type.
