On Nov 6, 2014, at 11:48 AM, Michael Cooper <[email protected]> wrote:
> Francisco, Sean > > Those are both really great to hear+. Especially the redirects feature > of the manifest file is really useful. I have several flow diagrams in a > notepad on my desk, all of them are scribbled out, and have big question > marks between the app and the server after the redirect. This simplifies > things a lot, thanks. > > I still need to figure out what the redirect url for BuddyUp will be, > I'll let you know when I've figured that out, and then we can set up a > client_id, etc. Does that sound good? > We can certainly accommodate non-http redirect URLs. We already do with Loop, but I need to look into what Francisco references to make sure we can support your use case properly. Michael, what redirect URL would you like for the BuddyUP app? -chris > -M > > ----- Original Message ----- >> From: "Francisco Jordano" <[email protected]> >> To: "Sean McArthur" <[email protected]> >> Cc: "Michael Cooper" <[email protected]>, [email protected], >> [email protected], "Support Engineering" >> <[email protected]> >> Sent: Thursday, November 6, 2014 5:00:09 AM >> Subject: Re: Firefox Accounts, SUMO, and BuddyUp >> >> Hi all, >> >> unfortunately there is no much documentation how a package app works with >> OAuth, but it does :) >> >> The key is on the manifest, we have a special field call 'redirects', which >> will make gecko to redirect any url to a local file, an example of this: >> >> https://github.com/arcturus/firefoxos-contacts-importer/blob/master/importer/manifest.webapp#L24-L27 >> >> "redirects": [ >> {"from": "http://postmessageitor.eu01.aws.af.cm/";, >> "to": "/redirect.html"} >> ] >> >> Basically the url register in the OAuth service for the callback action >> (redirect_uri) was 'http://postmessageitor.eu01.aws.af.cm/', gecko will >> redirect the request (with all headers, and parameters) to the local file >> '/redirect.html', and from them follow the process commented by Sean. >> >> Cheers, >> F. >> >> >> ----- Original Message ----- >> From: "Sean McArthur" <[email protected]> >> To: "Michael Cooper" <[email protected]> >> Cc: [email protected], [email protected], "Support Engineering" >> <[email protected]> >> Sent: Thursday, November 6, 2014 2:51:18 AM >> Subject: Re: Firefox Accounts, SUMO, and BuddyUp >> >> I don't have much understanding on how packaged apps and app URIs work, but I >> know the OAuth side :) >> >> You could try this: register a client for BuddyUp, with the redirect_uri >> pointing at (assuming Firefox OS supports this) `buddy-up://oauth/return`. >> You'll receive the query parameters `code` and `state`. You could then >> either, a) finish the dance by POSTing the code and client_secret straight >> to the OAuth server from the device, or b) POST the code to the sumo server, >> and allow it to fetch the token, store it in the db, and return it to the >> packaged app. >> >> a) has the downside of needing the secret to be packaged into the app, which >> is probably a no-go. >> >> On Wed, Nov 5, 2014 at 5:17 PM, Michael Cooper < [email protected] > wrote: >> >> >> I was reading the docs for Firefox Accounts [0]. They say that to become a >> relying service, we need to email to get a client ID and secret to use >> Firefox >> Account's OAuth2 provider. >> >> BuddyUp is an app that consumes SUMO APIs to provide a platform for users to >> ask and answer questions. Simply put, it's a Q/A app. We hope to have it >> installed by default in the future, and it will be a packaged app. >> >> I have a few questions about the OAuth process. Would it be possible to make >> the redirect URI a link into an app? It would be preferable if the app could >> get the OAuth callback directly, instead of SUMO having to some how relaunch >> the app. >> >> If that isn't possible, do you have any advice for using the OAuth flow from >> inside an app? I suppose it would also be possible to use the native >> BrowserID >> inspired APIs, but I understand that the OAuth2 flow is the preferred way >> going >> forward. >> >> Thanks, >> --Mike Cooper >> >> [0]: https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_OS >> _______________________________________________ >> Dev-fxacct mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/dev-fxacct >> >> >> _______________________________________________ >> Buddyup mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/buddyup >> > _______________________________________________ > Dev-fxacct mailing list > [email protected] > https://mail.mozilla.org/listinfo/dev-fxacct _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
