I am creating an app in which i am integrating Azure so for this i have register the app in Active Directory,but i am not getting what to pass in redirect url,Can i pass my custom url as a redirect url.and how to handle this custom url means api.?
authenticationContext.acquireToken(LoginActivity.this,Constant.RESOURCE_ID
Constant.CLIENT_ID, Constant.REDIRECT_URL, "", PromptBehavior.Auto, "",
callback);
If here i'll pass my api in Redirecturl so for this how i'll handle api response,and where i'll call my server using Aquery?
I have to do something in call back?
You would have to read about OAuth 2 flow works with Azure AD.
When you register an AD app , the redirect uri is the endpoint url of your application where AD will send the response back post authentication.
For a mobile device (i assume based on your tag) the oauth flow that is used is the implicit grant flow, where redirect uri is not involved.
Look at this https://github.com/Azure-Samples/active-directory-android sample on how ot integrate android client with Azure AD.
Related
I have set up third party OAuth authentication on my Node.js server using passport.js.
It works well from browser. The flow is the following:
Get request to myserver.com/auth/instagram
Passport redirects me to instagram website to login
I type my credentials
I am redirected to the callback url, which is my server.com/auth/instagram/callback
I do further processing and finally res.send(myAccessToken) to the client.
I am having troubles implementing this in Android. To type third-party credential, a browser page will be needed. But then how am I going to get the final result in my app?
Option 1
Start the browser.
Intent i = new Intent(ACTION_VIEW);
i.setData(Uri.parse("https://myserver.com/auth/instagram"));
startActivity(i);
Issues:
I cannot easily set proper headers needed for my server.
I cannot programmatically read the final response! The action is given to the browser app, which goes to the end and will never notify my app. The user is shown a blank page with myAccessToken printed.
Option 2
Connect using some http library.
final Request request = createRequest()
.url("https://myserver.com/auth/instagram")
.get()
.build();
Response response = client.newCall(request).execute();
Issues:
Does not work! Even if I set okhttp to follow redirects, I get a 200 response pointing to some instagram url. Of course the user is never prompted his instagram credentials, because no browser ever opened.
How to deal with this?
Notes:
I have used instagram as an example, the third party service is not relevant to the question. I am looking for a general solution to receive the result callback in my Android app.
I am not willing to implement client-side auth. I am willing to trigger steps 1.-5. from my Android app and receive the final result in a Java callback.
After hitting the login URL of Microsoft band with my credentials, i am redirected to a URL which contains the access token but it doesn't return the refresh token for the authorisation scope (offline_access). Do we have to make any changes in the Microsoft account for offline access ?
Note : offline_access scope missing in redirected URL
Login URL : (To get access token)
https://login.live.com/oauth20_authorize.srf?client_id=0000000067E8E&scope=offline_access mshealth.ReadDevices mshealth.ReadActivityHistory&response_type=token
&redirect_uri=https://login.live.com/oauth20_desktop.srf
Redirected URL
https://login.live.com/oauth20_desktop.srf?lc=1033#access_token=EwCgAvF0BAAUkWhN6f8bO0%2bg89MA1fmZueWyRkQAAe%2bPpQEZi2ny0/0knttDAVbenK3VDVzYzmD7HRVQ2rZXp9hSbJE1VvXse%2bZW0IoWqVvgAdHmWleOmKHhB3E4eJ220ztjozrqyxA0Vo/T1/RzW8U2f%2b5FQp6YKnPCXPIOenPz9XqHBapvzZkRTXO666VuJ7cjgcmQ7ANIJyMdu6J1DmEmp5B2pbLlRf/RxGFDzQEuhdHE68ExKtdRgXNGquW9fwKx6uG4Np6tCHebbzOUoY8/oHLS7x/eNUPYJUKMJweljI3FVOBUnaiYfMSY/AUFBvPvjrIoyQIjTmEG81vn3jIbhUVOuC/BTAZcm0aW3tZQLor9TLmd/uDg/P5jPZsDZgAACKznE0lStQmJcAFKavrO1/U7NXE1zzCSj2MHf867kmZ62UNwUmOqfbBHbFmFaNyqLq5d7Brv/RuIKV321t8OEcE8jUp65D9rjTp3jSYWnKP2mwib%2bvOpdtctN41yoCr%2bk8gKcyALtB%2bYbpxAFrN5J471XLzXy0doOCbOmjbU%2bYKy1mZI/j%2b0Hvn7JSL9B3DC1/YqfF21OjjzT8Xtil5Av/kVCpr8KIYpfzxVP4YqavxU1xriw2c4hR1uN%2b9dp4NuurxpeJb%2boUJ9LgikZN3rX2iB4n5e5VxtH0jRPujZd0nTRA8kwhJJzlgrIGsBDoqEDp8xp9KqkUEZ7%2bevvhbRD/9O5x6/4g%2biPORgicWqTEQ4XxvV5LKaeZq4rKxaDemmNI92yHjSjYA2WQNidbjEmRmelA221Sn2AFqp77uOD7%2bTitoXzOPWMrqLjGkcOH9UQdYA9uXbSPvQ7g1AwUPtlB7Y2fh0JlzBa7OyGrzai9mHJ1jmyXRj76/naI0B&token_type=bearer&expires_in=3600&scope=mshealth.readactivityhistory%20mshealth.readdevices&user_id=2c6adaf29f64fe0d0d72670f90c67080
You're trying to use 'response_type=token' but the Microsoft Health API uses the 2-step 'response_type=code' authentication flow. See section 4.8 of the Getting Started guide. The redirect URL for the first call contains the authorization code as a query parameter. You use that code in a second call which returns a JSON response body containing the access token and (if offline_access scope was requested) a refresh token.
I am using Atom Payment Gateway for payments in my Android app. But this provider doesn't have an SDK for mobile platforms, also I cannot choose another provider because my client has been using Atom PG for their website for a long time.
So to make it work, I am now trying to call it in a webview in my app. All goes well until the last step except that I am not able to get the response from the PG upon completion of transaction.
As per their documentation:
After the completion of the transaction, the response will be posted back to the url provided by the merchant.
I already tried setting the return url to my reverse domain name and then setting an intent-filter but that doesn't seem to work.
Is there any method by which I can get the response that the PG "posts back" to the return url?
Here is an idea,
On getting the post request on your return url, you can parse that response and then via javascript send that to the JavascriptInterface linked to your WebView in the app
Intercepting POST data has been discussed:
How to intercept POST data in an android webview
Intercept POST requests in a WebView
Try this project : https://github.com/KeejOow/android-post-webview
I have created my own webservice which is protected by Oauth2. I am currently using restlet for this. It makes sense providing a redirect url when you are developing a javascript client on a certain url, but what redirect uri do you provide when you are calling from a WebView.
I currently just make it redirect to localhost and register that to the oauth authorization server. Can anyone tell me if that is the correct way of handling this or am I getting this completely wrong? The redirect page can ofcourse not be found on the android device, but you can fetch the token from the url which was appended to the localhost url.
you can make your own URL schema and use it for redirect URL check this link for customize your schema
I have 3 entities:
1.Android Phone
2.Local Server
3.Fb Server
I want user to login from his phone on to FB , but once authenticated , I want to be able to pull data into local server from FB(no data on to phone).
What is the best way to do this ?.
Is there a way to do this using oAuth ?
This is certainly no problem. Just implement the server-side authentication flow on your web server. Instead of placing a login button on a website where you redirect the user to the Facebook dialog, you open the browser on the smartphone (or embedd a Webview) with that URI. The redirect_uri then points to your web server callback, where you receive the authorization code. Then you exchange that code for an access token by calling Facebook from your server and you're done.
On the phone, point the browser to:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID
&redirect_uri=https://YOUR_SERVER/YOUR_CALLBACK
&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES
&state=SOME_ARBITRARY_BUT_UNIQUE_STRING
After handling the callback, issue a request from your server to:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=https://YOUR_SERVER/YOUR_CALLBACK
&client_secret=YOUR_APP_SECRET
&code=AUTHORIZATION_CODE_YOU_RECEIVED