Hi,
I am working on a desktop application where i have to received a connection (redirect) from a website that is sending me a client code. I then use the client code inside my desktop app to communicate back and forth. how can i approach this in xojo?
UrlConnection: URLConnection — Xojo documentation
Usually, connecting to a web API means starting hard at the API and trying different things because every API has different magic incantations.
Most APIs that you’re allowed to use are documented. I have never had to perform magic incantations. I even have URLConnection code for connecting to AWS – it does NOT require a plugin (as the vendors would have you believe).
If you need expert help with implementation, remote REST APIs are one of my areas of expertise.
I initially thought about using urlconnection. The problem here is that i need to provide a “callback” url (address - https://localhost:3333) to a third party website so that they can send me a code to the url address i provided.
All this needs to happen inside the desktop app, so the desktop app needs to listen to any incoming request via https and proceed accordingly. I wanted to see what was the easiest way to accomplish this.
Maybe urlconnection has a way to set a address and port and listen to incoming request but i am not sure after reading the docs. TIA
Register a URI Handler on the system and provide a callback address of something like myapp://
The plugin vendors would have you believe you need to launch a local web server, but that is the bad for battery life way to do so that once got Dropbox in trouble with Apple.
Yeah, but the requirements are for the desktop app to listen via https for a redirect from the third party. It has to be a secured connection. I was thinking of using the TCPSocket control but then i would have to learn the http protocol so i wanted to find an easier way to do it with the httpsocket control but not sure.
So the this isn’t oAuth? Are you sure the service is meant to be used by the end user on a desktop application? Is the documentation for the service available? It would be unreasonable, if not impossible to ask end users to get a SSL certificate to communicate with the service.
You would be significantly better off having the service send the callback to a server you control, which your app can retrieve the data from. There’s no built-in HTTP server. There are third party solutions - one originally authored by myself - but I don’t know if they support HTTP 1.1, which is pretty much required these days. But as Tim mentioned, the SSL certificate is the biggest roadblock. You can’t get a certificate for an ip address, and you can’t expect users to have a domain. Any “good” callback system will require SSL. I also suspect this callback is also known as a webhook, which again, is intended as a server-to-server thing.
If you really want to pursue a local server, I suspect you’ll need to rely on something like ngrok to get an SSL-backed domain to connect to the local server. You still need the HTTP server, which is no small task, but it would at least solve part of the problem. Assuming ngrok can be licensed…
I am writing a custom desktop app. I am trying to get permissions for the device I am trying to connect. To do this i have two options simple OAuth where i need a server or PKCE OAuth where i can actually connect to a native app or desktop without a server via a redirect. I am trying to do the PKCE option and for that, my desktop app (since there is no need for a server) needs to receive a https redirect with the information needed.
I am trying to avoid getting a server and using react native. I wanted to give Xojo a spin to see how it could work. So far i can only think of the TCPSocket but i will have to write the socket to understand the http protocol. Again, I am trying to see how much i can get done with Xojo. If this is not possible its ok, i can quickly get a react native app running with no issues.
Again, thank you for your help and time.
Hi tim, this is OAuth but i am trying to do this with PKCE so a backend server is not needed as per the docs.
I’m struggling to understand how SSL is a requirement at all. The oAuth flow for desktop / mobile apps is to use a Custom URI handler to receive the redirect / callback information: Redirect URLs for Native Apps - OAuth 2.0 Simplified
Well, it’s all in the name of security…I guess. I tried the first article you shared: Register a URI handler and used the demo:// uri example. When i tried it locally, it worked. When i tried to provide this to the third party company’s page the redirect url field gives me an error saying that it needs to be https (maybe that is the reason i mentioned SSL). I have also tried to overwrite the https uri with my own https://app.myapp.com and the browser does not redirect to my app. It tries to open the address.
I am trying to connect to a square terminal via my custom desktop app written in Xojo.
If this really works like you are describing – the remote web server has to connect over the network to a web server running on your local machine – then you’re almost certainly never going to make that happen in a way that will work everywhere. The vast majority of users are accessing the internet from behind one or more routers and/or firewalls, which will prohibit any incoming connections to your local machine. This is by design and is an important security measure. It is possible to “punch a hole” through a router/firewall to allow incoming connections but it is a fiddly process and most network admin will not permit this due to the security implications.
BTW, none of this has anything to do with Xojo. This is how modern networks are secured and these restrictions affect all devices on the network running any manner of software.
Oh, so it’s a requirement of the provider. Gotcha. You’ll have to contact them to see why that may be.
The Square documentation suggests to use the local webserver approach, which holy cow what a waste. The documentation inconsistency between calling the redirect a URI and URL does not inspire confidence.
From what I’m reading here, it looks like they will allow non-https for the local webserver approach.
If you have access to Xojo Web, you could shortcut a bunch of work by bundling in a Xojo Web app to handle the callback/redirect.
(Edit: Language - post coffee clarity)
Hey @Tim_Parnell thank i so much for responding. On the square page you sent, it says for production….u r right for local dev.
There are several requirements for a production redirect URL. These include:
- The URL must use HTTPS.
- The endpoint must be able to process the GET response from the seller’s authorization through the Square authorization web page. This includes securely storing the access and refresh tokens and the
code_verifierif you’re using the PKCE flow.
That is the reason i was saying SSL since to use https you have to get a cert. now to ur comment about a xojo web app. If i create a xojo web app to receive the code, i will still need to get a cert but also how would i go about sending the code to a desktop app. Wouldn’t i be in the same predicament? I am kind of new to xojo.
The section titled “Use dynamic ports for PKCE redirect URLs” suggests https is not required for the local-webserver flow.
As I mentioned above it would be unreasonable, if not impossible to get end-users SSL certificates for local servers.
Thank you Tim… i am just doing this to learn. By the way, no need for OAuth because again this app is just so i can learn not to sale. So by using my seller token i dont need OAuth for permissions.