OAuth and API

  1. 9 months ago

    David S

    10 Mar 2018 Pre-Release Testers, Xojo Pro
    Edited 9 months ago

    I am trying to understand the concept of using an API with OAuth using my Xojo Desktop app (2013 r3.3).

    I was reading about something similar here that uses OAuth with youtube but I am still confused about how the callback URI actually works.

    The API I am trying work work with requires authorization and then the results are all in JSON.

    I think the most confusing part is the OAuth authorization.

    Once I log in, I send a REQUEST and get a RESPONSE. I am pretty sure I can work through that part. It's the log in (and the callback URI) that confuses me.

    Found something that helps a lot here

    So I guess I just have to figure out how to read the callback string.

  2. Christoph D

    10 Mar 2018 Pre-Release Testers, Xojo Pro
    Edited 9 months ago

    No need to re-invent the wheel. This is by far the best solution for OAuth: https://www.example-code.com/xojo/default.asp

  3. David S

    10 Mar 2018 Pre-Release Testers, Xojo Pro

    So the redirect URI would actually be: http://localhost:3017/

  4. Dirk C

    13 Mar 2018 Pre-Release Testers, Xojo Pro Belgium, Zedelgem

    @David S So the redirect URI would actually be: http://localhost:3017/

    Not necessarily, it could be myxojoapp://auth if you are on mobile
    Look at this page https://www.oauth.com/oauth2-servers/redirect-uris/
    Hopefully that will help somewhat.

  5. Thom M

    13 Mar 2018 Pre-Release Testers Greater Hartford Area, CT

    Use an HTML viewer. Make the callback URI something you can predict, such as (as suggested) myxojoapp://auth and capture that in the HTMLviewer CancelLoad event. You can see a real-world example of this in https://github.com/thommcgrath/Beacon/blob/development/Project/Views/MiniBrowser.xojo_window - it has some Cocoa code you’ll need to work around a redirect detection issue on macOS.

  6. Edwin v

    13 Mar 2018 Pre-Release Testers, Xojo Pro The Netherlands

    I try to get the oAuth 2 login to work as well.

    Using the Chilkat oAuth plugin for Xojo, the login actually works fine. But when I Log out, by removing the tokens, and want to login again I get an error saying that the port (or socket or something like that) is already in use. I am sure I have no instances of the previous oAuth session left.

    Anybody any experience with this kind of behavior?

  7. ronaldo f

    13 Mar 2018 Pre-Release Testers, Xojo Pro Philippines

    Hi Edwin,

    Are you using oAuth 2 login for xojo web app.?

  8. Edwin v

    13 Mar 2018 Pre-Release Testers, Xojo Pro The Netherlands

    @ronaldoflorendo Are you using oAuth 2 login for xojo web app.?

    Hi Ronaldo, (Not the soccer player, right? ;) )

    No, I'm using it in a desktop project. But might use it for a web app in the future.
    There is actually a web app I use as a middleware app to do some operations on the user's behalf. The user will initialize the operation on the Desktop app. And since the tokens are "portable", I can use those on the middleware app to handle upload operations.

    But as far as login within a web app, no... not there yet.

  9. ronaldo f

    13 Mar 2018 Pre-Release Testers, Xojo Pro Philippines

    Thanks Edwin. We're both looking for oAuth 2 chilkat solution but mine is for web app. Good luck to us. :)

  10. Edwin v

    14 Mar 2018 Pre-Release Testers, Xojo Pro The Netherlands

    @ronaldoflorendo Good luck to us. :)

    He! Thanks. I'm sure you might be able to work with the chilkat plugin. Maybe not in a way as described in the CK's examples. You just have to see if the target machine (where the app will be served at) is compatible.

  11. 8 weeks ago

    Arthur v

    Oct 18 Pre-Release Testers Netherlands

    @Christoph Dnbsp;Vocht No need to re-invent the wheel. This is by far the best solution for OAuth: https://www.example-code.com/xojo/default.asp

    But it starts at almost $300 right?

  12. Arthur v

    Oct 18 Pre-Release Testers Netherlands

    For future reference...

    @LoannisKolliageorgas Simple example with htmlview.
    File

  13. Oliver O

    Oct 18 Pre-Release Testers, Xojo Pro https://udemy.seminar.pro

    The process basically includes to first get an access token and once you have this token, then use it with any further api call.

    Usually you will find details about how to get the oauth2 access-token in the REST API documentation of the webservice which you want to use.

    Code could look something like this:

      Dim dic As New Xojo.Core.Dictionary
      
      dic.Value("grant_type")    = "password"
      dic.Value("username")      = "myusername"
      dic.Value("password")      = "mypassword"
      dic.Value("client_id")     = "AHxyKGssNdRz6bBrvqS3iREARka5FaTJ3kXRDFSS"
      dic.Value("client_secret") = "QysGoB8jIMhCsCr1zTOKq1THhbTBohAyjD2PNg1i"
      
      Dim json As Text
      
      Try
        json = Xojo.Data.GenerateJSON(dic)
      Catch
        Dim jError As xojo.Data.InvalidJSONException
        MsgBox jError.Message + EndOfLine + EndOfLine + jError.Reason
        Break
        Return
      End Try
      
      
      // Convert Text to Memoryblock
      Dim data As Xojo.Core.MemoryBlock = Xojo.Core.TextEncoding.UTF8.ConvertTextToData(json)
      
      // Assign to the Request's Content
      Self.sock.SetRequestContent(data,"application/json")
      
      // Set the URL
      Dim url As Text = "https://myserver.com/oauth/token/"
      
      // Send Asynchronous Request
      Self.sock.Send("POST",url)

    Then, in the PageReceived handler you may have code similar to this:

    If HTTPStatus = 200 Then
      
      // TODO: check: required square brackets
      buffer = "[" + buffer +"]"
      
      Try
        records = Xojo.Data.ParseJSON(buffer)
        
        Dim rec As Xojo.Core.Dictionary = records(0)
        If rec.Value("token_type") = "bearer" Then
          // save new access token in property
          Self.access_token = rec.Value("access_token")
          
          // Now go an make more API calls
          GoUseWebService
        End If
        
      Catch
        Dim jError As xojo.Data.InvalidJSONException
        MsgBox jError.Message + EndOfLine + EndOfLine + jError.Reason
        Break
      End Try
      
    Else
      MsgBox("Status: " + Str(HTTPStatus) + EndOfLine + EndOfLine + Content.ToString)
    End If

    Once we have the access-token, then we use it to authenticate subsequent api calls, for instance we may have a method 'GoUseWebService ' with code like this:

      Self.sock.RequestHeader("Authorization")= "Bearer " + Self.access_token
      
      // Set the URL with pagination parameter
      Dim url As Text = "https://myserver.com/wp-json/wp/v2/media/?per_page=100"
      
      // Example for 5 pictures per page, show page 2 :
      ' Dim url As Text = "https://myserver.com/wp-json/wp/v2/media/?per_page=5&page=2"
      
      // Send Asynchronous Request
      Self.sock.Send("GET",url)

or Sign Up to reply!