Francisco, Sean Those are both really great to hear+. Especially the redirects feature of the manifest file is really useful. I have several flow diagrams in a notepad on my desk, all of them are scribbled out, and have big question marks between the app and the server after the redirect. This simplifies things a lot, thanks.
I still need to figure out what the redirect url for BuddyUp will be, I'll let you know when I've figured that out, and then we can set up a client_id, etc. Does that sound good? -M ----- Original Message ----- > From: "Francisco Jordano" <[email protected]> > To: "Sean McArthur" <[email protected]> > Cc: "Michael Cooper" <[email protected]>, [email protected], > [email protected], "Support Engineering" > <[email protected]> > Sent: Thursday, November 6, 2014 5:00:09 AM > Subject: Re: Firefox Accounts, SUMO, and BuddyUp > > Hi all, > > unfortunately there is no much documentation how a package app works with > OAuth, but it does :) > > The key is on the manifest, we have a special field call 'redirects', which > will make gecko to redirect any url to a local file, an example of this: > > https://github.com/arcturus/firefoxos-contacts-importer/blob/master/importer/manifest.webapp#L24-L27 > > "redirects": [ > {"from": "http://postmessageitor.eu01.aws.af.cm/";, > "to": "/redirect.html"} > ] > > Basically the url register in the OAuth service for the callback action > (redirect_uri) was 'http://postmessageitor.eu01.aws.af.cm/', gecko will > redirect the request (with all headers, and parameters) to the local file > '/redirect.html', and from them follow the process commented by Sean. > > Cheers, > F. > > > ----- Original Message ----- > From: "Sean McArthur" <[email protected]> > To: "Michael Cooper" <[email protected]> > Cc: [email protected], [email protected], "Support Engineering" > <[email protected]> > Sent: Thursday, November 6, 2014 2:51:18 AM > Subject: Re: Firefox Accounts, SUMO, and BuddyUp > > I don't have much understanding on how packaged apps and app URIs work, but I > know the OAuth side :) > > You could try this: register a client for BuddyUp, with the redirect_uri > pointing at (assuming Firefox OS supports this) `buddy-up://oauth/return`. > You'll receive the query parameters `code` and `state`. You could then > either, a) finish the dance by POSTing the code and client_secret straight > to the OAuth server from the device, or b) POST the code to the sumo server, > and allow it to fetch the token, store it in the db, and return it to the > packaged app. > > a) has the downside of needing the secret to be packaged into the app, which > is probably a no-go. > > On Wed, Nov 5, 2014 at 5:17 PM, Michael Cooper < [email protected] > wrote: > > > I was reading the docs for Firefox Accounts [0]. They say that to become a > relying service, we need to email to get a client ID and secret to use > Firefox > Account's OAuth2 provider. > > BuddyUp is an app that consumes SUMO APIs to provide a platform for users to > ask and answer questions. Simply put, it's a Q/A app. We hope to have it > installed by default in the future, and it will be a packaged app. > > I have a few questions about the OAuth process. Would it be possible to make > the redirect URI a link into an app? It would be preferable if the app could > get the OAuth callback directly, instead of SUMO having to some how relaunch > the app. > > If that isn't possible, do you have any advice for using the OAuth flow from > inside an app? I suppose it would also be possible to use the native > BrowserID > inspired APIs, but I understand that the OAuth2 flow is the preferred way > going > forward. > > Thanks, > --Mike Cooper > > [0]: https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_OS > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct > > > _______________________________________________ > Buddyup mailing list > [email protected] > https://mail.mozilla.org/listinfo/buddyup > _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
