Has anyone had some success implementing OpenID on Windows Phone 7 using PhoneGap?
Another post suggests to use ChildBrowser (Using OpenID on a PhoneGap platform). But when I look at the ChildBrowser plugin for Windows Phone 7 (GitHub link) it seems to be in really bad shape.
Edit: There seem to be no issues with ChildBrowser, I just downloaded the files in the wrong way. But I'm still interested in learning to implement OpenID in this setup.
I am able to solve it in the following way:
1) When User clicks Google, Facebook, Twitter etc, I open a link (http://www.mywebsite.com/login/google) in InAppBrowser (PhoneGap native function, no plugin required).
2) When the link is opened, my server redirects to Google.com and user sees Google login page.
3) User authenticates itself with Google and Google redirects with the token to my server.
4) Now my server uses that token to create some accounts, logs, do some more operations and then redirects to a url with information required by my phone application.
E.g. - It redirects to http://mywebsite.com/login/google/successful?token=<>&query-string-parameters
5) InAppBrowser is listening for URL changes and when it finds a URL with the above pattern, it takes over, strips the URL, parses the information sent with the URL and then closes InAppBrowser.
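Step 5 as an added example (not the answerer's code): the success redirect is recognised by comparing parsed URL components rather than by substring, so a look-alike host or a URL that merely contains the pattern is ignored. `parseLoginRedirect` and `watchLogin` are hypothetical names; the host and path come from the URL in step 4.

```javascript
// Added example: strict matching of the final login redirect in InAppBrowser.
// Host and path mirror the answer's URL; the function names are hypothetical.
const EXPECTED_HOST = 'mywebsite.com';
const EXPECTED_PATH = '/login/google/successful';

// Returns { token, params } when rawUrl is exactly the success redirect, else null.
function parseLoginRedirect(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  // Compare parsed components. A substring test such as indexOf() would also
  // match look-alike hosts and URLs carrying the pattern in a query string.
  // The answer's URL uses http; over https the token is not exposed in transit.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (u.hostname !== EXPECTED_HOST) return null;
  if (u.pathname !== EXPECTED_PATH) return null;
  const token = u.searchParams.get('token');
  if (!token) return null;
  const params = {};
  u.searchParams.forEach(function (value, key) {
    if (key !== 'token') params[key] = value;
  });
  return { token: token, params: params };
}

// browserRef is the object returned by window.open() for an InAppBrowser.
// The browser is closed as soon as the success redirect starts loading.
function watchLogin(browserRef, onLogin) {
  browserRef.addEventListener('loadstart', function (event) {
    const result = parseLoginRedirect(event.url);
    if (result) {
      browserRef.close();
      onLogin(result);
    }
  });
}
```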
Related
Google just changed their oauth model to the new specification:
Modernizing OAuth interactions in Native Apps for Better Usability and Security
I am trying to follow (specifically section 7 of) the ietf "draft-ietf-oauth-native-apps-09" linked in the above blog, and also this reference from google:
OAuth 2.0 for Mobile & Desktop Apps
The issue I have encountered is that the custom uri-scheme behavior varies across browsers, and in some cases does not work as expected. In Firefox, which may be the default system browser, the app actually opens inside Firefox, embedded - it does not return to the app, it embeds the app in the browser, while the app from which the authentication flow was started remains open.
In chrome, it correctly redirects back to the app, however the chrome page with the authentication confirmation page remains open and does not close, which could be confusing to users.
How can I make sure that the oauth provider will always redirect to my app (without the browser embedding it), and close the tab or window which had the authentication flow open?
I need to integrate Google contacts import in my nw.js app. How should I create the Google app? When I create the app as a web app, it asks for a redirect URI, which is not available for desktop apps. I'm not clear about how to implement Google integration for desktop apps. Can anyone help me with this?
There is an option in OAuth for desktop applications where, instead of http://domain, you redirect to app://something and your application will be started or receive a callback.
To do this, in your application you need to open the request token URL in a new window (a new window in your node-webkit app).
Also: google docs and node-webkit github issue and other issue about this.
For me, I thought it would be better to open the default browser: there is a high chance that the user is already authenticated and then just needs to click "allow". So I start a simple web server inside the node-webkit app and redirect to localhost.
You can see implementation in my project https://github.com/Paxa/postbird/blob/90cfb53b1775310eb2f262c8b54c9dba15b5cc0a/app/heroku_client.js#L185
To open the default browser I use the command "open" (Mac only):

    var child_process = require('child_process');
    child_process.spawn('open', [url]);

I also try to close the browser window when the user is redirected back; it works, but not always:

    // inside the local web server's request handler
    response.writeHead(200, {"Content-Type": "text/html"});
    response.end("<script type='text/javascript'>window.close();</script>");

Maybe I should also make the window active when I receive the redirect back (didn't try it yet):

    // node-webkit exposes its GUI module as 'nw.gui'
    var currentWin = require('nw.gui').Window.get();
    currentWin.focus();

If Google does not allow localhost as a callback URL, you can try to use some domain (even a free one) and point it to 127.0.0.1, or use http://readme.localtest.me/
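The local web server approach from this answer, as an added example (not code from the answer or from the linked project): the receiver binds to 127.0.0.1 only, uses an OS-chosen port, and accepts a callback only when it carries the `state` value generated for this login. The `/callback` path and all function names are assumptions.

```javascript
// Added example: loopback redirect receiver for a desktop (nw.js / Node) app.
// The /callback path and the function names are assumptions.
const http = require('http');
const crypto = require('crypto');

// Random per-login value, sent as `state` and required on the way back.
function newState() {
  return crypto.randomBytes(16).toString('hex');
}

// Pure decision function for one incoming request URL.
function handleCallback(reqUrl, expectedState) {
  let u;
  try {
    u = new URL(reqUrl, 'http://127.0.0.1');
  } catch (e) {
    return { status: 400 };
  }
  if (u.pathname !== '/callback') return { status: 404 };
  const got = Buffer.from(u.searchParams.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return { status: 400 };
  const error = u.searchParams.get('error');
  if (error) return { status: 400, error: error };
  const code = u.searchParams.get('code');
  return code ? { status: 200, code: code } : { status: 400 };
}

// openBrowser(redirectUri, state) is supplied by the caller and builds the
// provider's authorization URL; the server stops after the first valid callback.
function startLoopbackReceiver(openBrowser, onCode) {
  const state = newState();
  const server = http.createServer(function (request, response) {
    const result = handleCallback(request.url, state);
    response.writeHead(result.status, { 'Content-Type': 'text/html' });
    response.end(result.status === 200
      ? '<p>Login complete. You can close this window.</p>'
      : '<p>Login request rejected.</p>');
    if (result.status === 200) {
      server.close();
      onCode(result.code);
    }
  });
  server.listen(0, '127.0.0.1', function () {
    openBrowser('http://127.0.0.1:' + server.address().port + '/callback', state);
  });
  return server;
}
```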
I've got a windows phone 8/8.1 app which contains a page with an embedded web browser on it. I build a list of articles extracting information from the website and all of this works fine but note that I only use this web browser to display an article when a user has clicked on the item in my list.
The article in question provides a button to allow user to leave comments via twitter. At the bottom of each article there is a "Twitter Log in" button. When I click on it, it brings me to the authorizing page and it displays the news website as the app I want to authorize.
After entering my twitter credential and clicking on the "Authorize App", I get the following error:
Exception of type 'Microsoft.Phone.Controls.WebBrowserNavigationException' was thrown.
Then a Twitter webpage gets displayed, showing the following:
There is no request token for this page. That's a special key we need from applications asking you to use your Twitter account. Please go back to the site or application that sent you here and try again. It's probably just a mistake.
It definitely authenticated me as I can see my Twitter account picture but it failed to authorize the app.
I understand that my app is not the original website as it is a wp8/8.1 app but what I'm calling in the web browser is the page that contains all the original code from the news website and therefore you would assume everything would work as if I was calling the website directly from a browser.
If I call the website from the browser that comes with wp8/8.1, it works as expected!! Strangely enough they have the same functionality but using facebook and this works as expected.
I've had a look at the HTML of the "twitter authorized page" when called from my phone and when called directly from my web browser on my laptop, and while I can clearly see the form contains a hidden field for authenticity_token with a value and an oauth_token with another value, they do differ.
I don't know if they're supposed to be identical but as I said, I don't understand why this wouldn't work as when I display the article in the embedded web browser, you'd assume that everything else that goes on after this would behave as it would in a regular web browser and when this 'authorize app' button is clicked, you'd assume that all values would be passed as normal and the app would get authorized but nope!!
Any suggestions on how I could possibly resolve this problem?
Thanks.
I can't really tell what's going on, but it looks like you would have to implement Twitter OAuth. Luckily for you there is already a library that can do that - https://github.com/konradbartecki/TwitterAutherino
I am the author of this library, so let me know if you need some support or non-existent features.
In my WP7.5 app, I redirect the user to a Google web page where he is asked to give the app permission to access his account. The user clicks yes, but it redirects to a page that shows the code, and the user is supposed to copy/paste it into my app.
The Response is
Please copy this code, switch to your application and paste it there:
4/3oHAHtqSk1CqA3S8HlEsuQRaE08e.4nCBpXhR-R8WgrKXntQAax02U4CwcgI - Auth code
When the user presses OK, I want to return to my app with that code. Is there any way to do that?
-SheikAbdullah
If you're using the Browser control, here's a great CodeProject article on how to do it:
Google OAuth2 on Windows Phone
I'm working on a Windows Phone 7 application with C#.
I want to implement my login page using Facebook account. To do that I'm using codeplex Facebook C# SDK.
How can I do that?
Thanks.
You can use ACS for that. See here. (answered your other question too)
In short (assuming you are writing a native app):
Your app (e.g. REST services) trusts ACS. For this you expect a SWT (Simple Web Token) that is issued by ACS
In your app, you embed a web browser that navigates to the app, to ACS and Facebook
Once the token negotiation happens in the browser, you extract the SWT and you pass it to the native app
All subsequent calls to your API include the SWT
If you are writing a "web" app for the phone, then it all just works.
In both scenarios, you would use WIF in your backend. If it is a REST API, you need the OAuth extensions mentioned in the link. If it is a web site, it all works OOB.