how to setup the redirect url for Slack? - slack

I have created a Slack app and am stuck at adding the redirect URL. I want information like token and team_id from the redirect URL. I went through the link https://api.slack.com/authentication/oauth-v2 and got the idea of the redirect URL, but how should I create it? I used client_id and secret in the URL, but I want to capture the HTTP request response. How should I create one?

Related

Golang - Server Side Login Handling - how to resume request after login?

Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a slightly more complex scenario is HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same POST request after the user successfully logs in?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. There are a few ways you could go about this:
- Store the URL in session information (if any is available, you do need sessions for non-authenticated users).
- Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL from the query param and set it as the Location.
- Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
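An added example, not part of the original answer: a value kept in a query string or cookie is supplied by the browser, so the login handler should reduce it to a local path before using it as the Location, otherwise the login page becomes an open redirect. `LoginURL` and `SafeReturnPath` are hypothetical helper names, and example.com is assumed to be the application's own host.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// LoginURL builds the redirect the auth middleware sends, carrying the
// originally requested URI in the "original" query parameter.
func LoginURL(requestURI string) string {
	return "/login?original=" + url.QueryEscape(requestURI)
}

// SafeReturnPath (hypothetical helper) reduces the stored value to a local
// path, or returns fallback when it could send the browser to another site.
func SafeReturnPath(original, ownHost, fallback string) string {
	if strings.Contains(original, `\`) {
		return fallback // browsers treat "\" like "/", so "/\host" leaves the site
	}
	u, err := url.Parse(original) // also rejects control characters such as CR/LF
	if err != nil || u.User != nil {
		return fallback
	}
	sameSite := u.Scheme == "https" && u.Host == ownHost
	relative := u.Scheme == "" && u.Host == "" && strings.HasPrefix(u.Path, "/")
	target := u.RequestURI() // path and query only; scheme and host are dropped
	if !(sameSite || relative) || strings.HasPrefix(target, "//") {
		return fallback // foreign host, javascript: URL, or scheme-relative "//host"
	}
	return target
}

func main() {
	// Constructed inputs; example.com stands in for the application's own host.
	for _, in := range []string{
		"https://example.com/another-page",
		"/settings?tab=2",
		"https://evil.test/phish",
		"//evil.test/phish",
		"https://example.com@evil.test/",
	} {
		fmt.Printf("%-36q -> %s\n", in, SafeReturnPath(in, "example.com", "/dashboard"))
	}
	fmt.Println(LoginURL("/settings?tab=2"))
}
```

The same check applies unchanged when the value comes from a cookie; only a server-side session value that the server itself wrote can skip it.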

Why Slack doesn't redirect me to predefined redirect URL if I install the bot in my workspace?

I want to implement oAuth2 flow in my Slack app, but it's impossible to test properly.
I have added /slack/redirect-url as a redirect URL on my App management page. Then try to install\reinstall the app on the following page:
Unfortunately, it doesn't work, my endpoint isn't called.
However, if I go to the "Distribution" section and try to install the app from there it does call my redirect URL:
So, what's the issue? Why the first approach doesn't call my redirect URL, but the second one does? Am I missing something fundamental?
The "Reinstall App" button will handle the entire exchange of verifying and granting the OAuth token within Slack, so there is no need for the redirect.
The redirect URL is intended for users who are authenticating with your service, and thus you need to store the token.
1. User clicks the install button
2. User authorizes through Slack UI
3. Slack redirects to your desired URL
4. You grab the code included in the redirect call
5. You exchange the code for the OAuth token
6. You store the OAuth token
When you use the "Reinstall App" button in your app management view, steps 3-6 are handled entirely by Slack and the token is displayed to you.
To properly test the redirect URL, you can go through the OAuth flow manually. Given that they're simply GET requests, you can just modify the links and paste directly into your browser.
Step 1: Authorize the app – this will send you to Slack for authorization, and then your redirect
https://slack.com/oauth/authorize?client_id=CLIENT_ID&scope=SCOPES&redirect_uri=REDIRECT_URI
Step 2: Exchange the verification code for OAuth token
https://slack.com/api/oauth.access?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=REDIRECT_URI&code=CODE
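The receiving side of the redirect, as an added example that is not part of the original answer: it takes the query string Slack appends to the redirect URL, checks it, and exchanges the code for the token and team ID. `HandleRedirect`, `ExchangeCode` and `Install` are hypothetical names; the code assumes the authorize link in Step 1 carried a per-session random `state` value, and the JSON field names of the token response are assumptions.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// Install holds what the app stores in step 6 (JSON field names are assumed).
type Install struct {
	OK          bool   `json:"ok"`
	Error       string `json:"error"`
	AccessToken string `json:"access_token"`
	TeamID      string `json:"team_id"`
}

// ExchangeCode is step 5; it POSTs so client_secret and code stay out of URLs and logs.
func ExchangeCode(tokenURL, id, secret, redirectURI, code string) (*Install, error) {
	resp, err := http.PostForm(tokenURL, url.Values{"client_id": {id}, "client_secret": {secret}, "redirect_uri": {redirectURI}, "code": {code}})
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var in Install
	if err := json.NewDecoder(resp.Body).Decode(&in); err != nil || !in.OK {
		return nil, fmt.Errorf("token exchange failed: %q (%v)", in.Error, err)
	}
	return &in, nil
}

// HandleRedirect is step 4: validate the redirect's query string, then exchange the code.
func HandleRedirect(rawQuery, wantState string, exchange func(code string) (*Install, error)) (*Install, error) {
	q, err := url.ParseQuery(rawQuery)
	switch {
	case err != nil:
		return nil, err
	case wantState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1:
		return nil, fmt.Errorf("state mismatch: redirect did not start from this session")
	case q.Get("code") == "":
		return nil, fmt.Errorf("no code in redirect (error=%q)", q.Get("error"))
	}
	return exchange(q.Get("code"))
}

func main() {
	stub := func(string) (*Install, error) { return &Install{OK: true, TeamID: "T0CONSTRUCTED"}, nil }
	fmt.Println(HandleRedirect("code=abc&state=s1", "s1", stub)) // constructed query, offline stub
}
```

In an HTTP handler registered on the redirect path, pass `r.URL.RawQuery`, the state saved in the user's session, and a closure that calls `ExchangeCode` with the app's credentials.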

laravel passport with unknown redirect_uri from Alexa App

I have tested my site with passport and can get the access_token.
(tested between two sites to verify)
With the Alexa skill it doesn't give a fixed redirect url.
It shows this:
Redirect URLs (Optional) The list of valid HTTPS redirection endpoints that could be requested during authorization to redirect the user back to after the authorization process.
Then it gives three different redirect URLs.
I set them all in the oauth_clients table redirect column one at a time, tried all three separated with a comma, even tried to leave the field NULL, but it won't allow it to authorize. It keeps bringing up a new login page.
Is there any way not to look at the oauth_clients table for the redirect field since it should be passed in the request?

redirect()->intended('/login') not working laravel

I'm using a custom SocialLoginController to log my users in with Facebook or Google in a Laravel 5.3 project.
In some cases I send to users an email with info about one change and the URL to the resource, for example https://myweb.com/settings/profile/[the-uuid]
when the user tries to access but is not logged in, he's redirected to the Handler#render() where I send it to login with return redirect()->guest('/login'); and after login with social account I redirect them using return redirect()->intended('/home') but since I don't use the LoginController, the redirection to the requested URL is not working.
Any idea? Thanks
The problem is the request object is lost after redirecting the user to login with Facebook or Google, so I fixed it by saving the requested URI in a session variable and then checking if it exists after the redirect.
return Session::get('intended') ? redirect()->to(\Session::get('intended')) : redirect()->to('/expenses');
Maybe this could help someone

Redirect URL for Yammer authentication flow not working

The redirect_uri parameter for the authentication URL for the server-side flow hasn't worked when a user has to sign in to Yammer after visiting the authentication URL.
The current situation is as below:
A user visits
https://www.yammer.com/dialog/oauth?client_id=[:client_id]&redirect_uri=[:redirect_uri]
He's redirected to
https://www.yammer.com/dialog/authenticate?client_id=[:client_id]
"redirect_uri" is being missed here.
He signs in with his Yammer account. He is redirected to his Yammer home, not redirecting back to [:redirect_uri].
Could you please investigate if it's an issue to be fixed?
Use the below code.
https://www.yammer.com/oauth2/authorize?client_id=[clientid]&response_type=code&redirect_uri=[redirect url]?error=[:error]&error_description=[:error_description]
Replace your client id and redirect URL only in the above line. Keep the rest the same.
Also, please make sure the redirect URL you have mentioned while registering the app key matches the redirect_uri above.
