I have created my own webservice which is protected by Oauth2. I am currently using restlet for this. It makes sense providing a redirect url when you are developing a javascript client on a certain url, but what redirect uri do you provide when you are calling from a WebView.
I currently just make it redirect to localhost and register that to the oauth authorization server. Can anyone tell me if that is the correct way of handling this or am I getting this completely wrong? The redirect page can ofcourse not be found on the android device, but you can fetch the token from the url which was appended to the localhost url.
you can make your own URL schema and use it for redirect URL check this link for customize your schema
Related
So I am using seatgeek api. The grant type is an authorisation code. Therefore you are provided with an authorization url. This authorization url will then redirect user back to the redirect url you created.This time with the code appended to it. Next you will use this code to retrieve the access token.
The authorization url is
https://seatgeek.com/oauth2?scope=offline_access,&client_id=xxxxxxxxxxxxxxxxxx
the redirect url look something like this.
https://name/oauth/fin?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NzEzNTMzNjUsImV4cCI6MTY3MTM1Mzk2NSwiY2xpZW50X2lkIjo5NjU2LCJ1c2VyX2lkIjozMDQ4NDIzNCwiY29kZV9jaGFsbGVuZ2UiOm51bGwsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6bnVsbH0.eVly0CYTi4DWyRQE3MerAz911LxBj6MdXcw3pAXT1Wk
looking at the above urls, the authorization url will redirect the user to https://name/oauth/fin? however the code needed is appended this time. this is the code you will need to request an access token.
I did this in my browser.However I wan to know how to set it up using retrofit and refresh it whenever it expires. Any help will be greatly appreciated.
here is the seatgeek documentation
https://partners.seatgeek.com/enterprise-client-integration/oauth if you need more info
I am creating an app in which i am integrating Azure so for this i have register the app in Active Directory,but i am not getting what to pass in redirect url,Can i pass my custom url as a redirect url.and how to handle this custom url means api.?
authenticationContext.acquireToken(LoginActivity.this,Constant.RESOURCE_ID
Constant.CLIENT_ID, Constant.REDIRECT_URL, "", PromptBehavior.Auto, "",
callback);
If here i'll pass my api in Redirecturl so for this how i'll handle api response,and where i'll call my server using Aquery?
I have to do something in call back?
You would have to read about OAuth 2 flow works with Azure AD.
When you register an AD app , the redirect uri is the endpoint url of your application where AD will send the response back post authentication.
For a mobile device (i assume based on your tag) the oauth flow that is used is the implicit grant flow, where redirect uri is not involved.
Look at this https://github.com/Azure-Samples/active-directory-android sample on how ot integrate android client with Azure AD.
I am using Atom Payment Gateway for payments in my Android app. But this provider doesn't have an SDK for mobile platforms, also I cannot choose another provider because my client has been using Atom PG for their website for a long time.
So to make it work, I am now trying to call it in a webview in my app. All goes well until the last step except that I am not able to get the response from the PG upon completion of transaction.
As per their documentation:
After the completion of the transaction, the response will be posted back to the url provided by the merchant.
I already tried setting the return url to my reverse domain name and then setting an intent-filter but that doesn't seem to work.
Is there any method by which I can get the response that the PG "posts back" to the return url?
Here is an idea,
On getting the post request on your return url, you can parse that response and then via javascript send that to the JavascriptInterface linked to your WebView in the app
Intercepting POST data has been discussed:
How to intercept POST data in an android webview
Intercept POST requests in a WebView
Try this project : https://github.com/KeejOow/android-post-webview
I am in the process of developing an iPhone PhoneGap application and have stumbled into a problem redirecting the user after login.
The flow is as follows:
Application is loading.
I am redirecting the user to a login page which is located on a remote server and passing a parameter of the current page so the user will be redirected after a successful login.
e.g. http://www.myloginserver.co.il?ret='this is the url of the local html file'.
The problem is I cant get the login page to redirect back to the local html.
i have tried passing the following urls:
window.location.href
window.location.href.substring(window.location.href.indexOf("www/")
"file:////" + window.location.href.substring(window.location.href.indexOf("www/")
Has anyone encountered this problem?
Thanks,
Udi
Interesting question. I'm not sure if it is possible...what I would do instead is create the login form locally in your /www/ and use AJAX to query the server and see if they were able to login. Then in the callback function of your AJAX request you can determine if you can send them to the next page or if they need to retry the login.
I have 3 entities:
1.Android Phone
2.Local Server
3.Fb Server
I want user to login from his phone on to FB , but once authenticated , I want to be able to pull data into local server from FB(no data on to phone).
What is the best way to do this ?.
Is there a way to do this using oAuth ?
This is certainly no problem. Just implement the server-side authentication flow on your web server. Instead of placing a login button on a website where you redirect the user to the Facebook dialog, you open the browser on the smartphone (or embedd a Webview) with that URI. The redirect_uri then points to your web server callback, where you receive the authorization code. Then you exchange that code for an access token by calling Facebook from your server and you're done.
On the phone, point the browser to:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID
&redirect_uri=https://YOUR_SERVER/YOUR_CALLBACK
&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES
&state=SOME_ARBITRARY_BUT_UNIQUE_STRING
After handling the callback, issue a request from your server to:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=https://YOUR_SERVER/YOUR_CALLBACK
&client_secret=YOUR_APP_SECRET
&code=AUTHORIZATION_CODE_YOU_RECEIVED