I've got a windows phone 8/8.1 app which contains a page with an embedded web browser on it. I build a list of articles extracting information from the website and all of this works fine but note that I only use this web browser to display an article when a user has clicked on the item in my list.
The article in question provides a button to allow user to leave comments via twitter. At the bottom of each article there is a "Twitter Log in" button. When I click on it, it brings me to the authorizing page and it displays the news website as the app I want to authorize.
After entering my twitter credential and clicking on the "Authorize App", I get the following error:
Exception of type 'Microsoft.Phone.Controls.WebBrowserNavigationException' was thrown.
Then a Twitter webpage gets displayed display the following:
There is no request token for this page. That's a special key we need from applications asking you to use your Twitter account. Please go back to the site or application that sent you here and try again. It's probably just a mistake.
It definitely authenticated me as I can see my Twitter account picture but it failed to authorize the app.
I understand that my app is not the original website as it is a wp8/8.1 app but what I'm calling in the web browser is the page that contains all the original code from the news website and therefore you would assume everything would work as if I was calling the website directly from a browser.
If I call the website from the browser that comes with wp8/8.1, it works as expected!! Strangely enough they have the same functionality but using facebook and this works as expected.
I've had a look at html the "twitter authorized page" when called from my phone and when called directly from my web browser on my laptop and while I can clearly see the form contains an hidden field for authenticity_token with a value and a oauth_token with another value, they do differ.
I don't know if they're suppose to be identical but as I said, I don't understand why this wouldn't work as when I display the article in the embedded web browser, you'd assume that everything else that goes on after this would behave as it would in a regular web browser and when this 'authorize app' button is clicked, you'd assume that all values would be passed as normal and the app would get authorized but nope!!
Any suggestions on how I could possible resolve this problem?
Thanks.
I can't really tell what's going on, but it looks like you would have to implement Twitter OAuth. Luckily for you there is already a library that can do that - https://github.com/konradbartecki/TwitterAutherino
I am the author of this library, so let me know if you need some support or non-existent features.
Related
I have registered a dummy app with Yammer, as I am still in testing phase. I gave the homepage of my org as the redirect URI. Honestly, there is no app hosted anywhere. Still, I think it is possible to test the authentication and go till creating a token. This is what I have done.
Navigated to https://www.yammer.com/client_applications page.
Registered an application. I provided the "RedirectURI". I got a "Client Id", "Client Secret", and "Expected Re-direct".
Since I don't have an app to launch anything from, I manually typed in the following URL in the browser. "https://www.yammer.com/oauth2/authorize?client_id=[:client_id]&response_type=code&redirect_uri=[:redirect_uri]".
I was taken to the app registration page. I clicked "Allow".
Now the page is redirected to the home page of my org, as I provided along with "www.<<>>.com/code=".
I copied this code over, tried to launch "https://www.yammer.com/oauth2/access_token.json?client_id=%s&client_secret=%s&code=%s".
I expected a token to be created, so that I go back to my dummy JAVA program and start connecting to Yammer, but I am not allowed to connect in above step. I am getting a "Not Authorised" error.
Can some please point out what I need to do? My requirement is that I get this token not from with in an app, but then on use it in a SWT based Rich Client JAVA application to connect to Yammer.
I think the request to oauth2/access_token.json needs to be a POST not a GET
I am using google oauth 2 for authentication. (Installed application)
Right now when the user allows access in user consent screen, how can i retrieve auth code from the redirect uri without user involving in cut and copy paste auth code. How to read the auth code from the title bar?
In any Operating system a program can read titles from the windows of any other application ( including your browser ).
In order to help you I would need to know what OS you are using and what language you are using to develop your Google declared "Installed Application".
The following thread shows you how to get a list of windows titles in Java
How to get a list of current open windows/process with Java?
For installed application, you can use the special redirect_uri urn:ietf:wg:oauth:2.0:oob, and the authorization code will be returned in the title bar of the browser, your app can read the title of the HTML page to obtain the authorization code.
The tile of page will be like this:Success code=AuthorizationCode
So you can check the webpage, if the title contains this string, you'll get code.
yes .. this can be done by using google service account. they will provide us a p12key and we can make use of it without any consent screen.
In my WP7.5 app, I have redirect the user to google web page where is asked to giving the app permissions to access to his account, user click yes, but it redirects to a page where there is the code and user is supossed to copy/paste that to my app.
The Response is
Please copy this code, switch to your application and paste it there:
4/3oHAHtqSk1CqA3S8HlEsuQRaE08e.4nCBpXhR-R8WgrKXntQAax02U4CwcgI - Auth code
I want to, when user press ok, return to my app with that code, is there any way to do that?
-SheikAbdullah
If you're using the Browser control, here's a great CodeProject article on how to do it:
Google OAuth2 on Windows Phone
How can one avoid to have to show this redirect_uri = "https://www.facebook.com/connect/login_success.html" each time you login with your WP7 app.
I have a share button in my app which should post content to the facebook page of the user that logged in. Currently when a user already has entered username/password they still get to see the white screen "login_success.html" first and then the item gets posted and it returns back to the app page.
How can you avoid this screen in the app flow ?
I am using the facebook sdk C# v6...
Thanks.
You can make your browser control invisible after you got the access tokens
I am building a WP7 Twitter client. The normal OAuth 1.0 flow involves obtaining a request token by navigating a web browser to https://api.twitter.com/1/oauth/authenticate with my app's consumer key; this page will show a login prompt and ask the user to authorize my app to perform actions on their behalf. Upon completion, this page will redirect to a callback URL supplied by my app, with the request token supplied as a parameter.
For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though. The Twitter API documentation seems to imply that this should be a feasible option. They do offer an alternative xAuth mechanism that allows an app to gather username/password itself and then supply that directly to obtain an access token. The API documentation points out that this is an inferior option (as it requires the user to trust the app, not just Twitter, with their password), but I don't see how I have any reasonable alternative?
(there is also a PIN-based option, but that's a pretty burdensome solution for the user)
I just want to make sure I'm not missing anything obvious.
"For web apps this makes sense. I don't understand how this is
supposed to work for a standalone mobile/desktop app, though."
Just embed a web browser control in your app, and navigate to the twitter authentication page. Then detect the redirection to the callback url (using the Navigating event) and retrieve the parameter. Many twitter apps do that, it's basically the same as asking the user for the login and password, except that instead of your own controls you're displaying twitter's page.
Nope, you're correct. The option for a mobile/desktop application is either a pin-based option or to use xAuth. Once you have an xAuth application has an access token it is indistinguishable from OAuth (it only changes the authorisation workflow). One thing it does change, and this is very specific to Twitter, is that if you do use xAuth then your application will not be allowed to read or write Direct Messages. See Twitter's The Application Permission Model page for more information.