Hi all, unfortunately there is no much documentation how a package app works with OAuth, but it does :)
The key is on the manifest, we have a special field call 'redirects', which will make gecko to redirect any url to a local file, an example of this: https://github.com/arcturus/firefoxos-contacts-importer/blob/master/importer/manifest.webapp#L24-L27 "redirects": [ {"from": "http://postmessageitor.eu01.aws.af.cm/";, "to": "/redirect.html"} ] Basically the url register in the OAuth service for the callback action (redirect_uri) was 'http://postmessageitor.eu01.aws.af.cm/', gecko will redirect the request (with all headers, and parameters) to the local file '/redirect.html', and from them follow the process commented by Sean. Cheers, F. ----- Original Message ----- From: "Sean McArthur" <[email protected]> To: "Michael Cooper" <[email protected]> Cc: [email protected], [email protected], "Support Engineering" <[email protected]> Sent: Thursday, November 6, 2014 2:51:18 AM Subject: Re: Firefox Accounts, SUMO, and BuddyUp I don't have much understanding on how packaged apps and app URIs work, but I know the OAuth side :) You could try this: register a client for BuddyUp, with the redirect_uri pointing at (assuming Firefox OS supports this) `buddy-up://oauth/return`. You'll receive the query parameters `code` and `state`. You could then either, a) finish the dance by POSTing the code and client_secret straight to the OAuth server from the device, or b) POST the code to the sumo server, and allow it to fetch the token, store it in the db, and return it to the packaged app. a) has the downside of needing the secret to be packaged into the app, which is probably a no-go. On Wed, Nov 5, 2014 at 5:17 PM, Michael Cooper < [email protected] > wrote: I was reading the docs for Firefox Accounts [0]. They say that to become a relying service, we need to email to get a client ID and secret to use Firefox Account's OAuth2 provider. BuddyUp is an app that consumes SUMO APIs to provide a platform for users to ask and answer questions. Simply put, it's a Q/A app. We hope to have it installed by default in the future, and it will be a packaged app. I have a few questions about the OAuth process. Would it be possible to make the redirect URI a link into an app? It would be preferable if the app could get the OAuth callback directly, instead of SUMO having to some how relaunch the app. If that isn't possible, do you have any advice for using the OAuth flow from inside an app? I suppose it would also be possible to use the native BrowserID inspired APIs, but I understand that the OAuth2 flow is the preferred way going forward. Thanks, --Mike Cooper [0]: https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_OS _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct _______________________________________________ Buddyup mailing list [email protected] https://mail.mozilla.org/listinfo/buddyup _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
