I think a decent choice would be to make the redirect URL "https://support.mozilla.org/redirects/buddyup-fxa-oauth";. That gives SUMO the ability to catch situations where the BuddyUp app doesn't work as expected (and probably give an error message), and also give the BuddyUp app a way to hijack those redirects to point to a local file, with the "redirects" manifest key.
----- Original Message ----- > From: "Chris Karlof" <[email protected]> > To: "Michael Cooper" <[email protected]> > Cc: "Francisco Jordano" <[email protected]>, [email protected], > [email protected], "Support Engineering" > <[email protected]>, "Sean McArthur" <[email protected]> > Sent: Friday, November 7, 2014 10:12:49 AM > Subject: Re: Firefox Accounts, SUMO, and BuddyUp > > > On Nov 6, 2014, at 11:48 AM, Michael Cooper <[email protected]> wrote: > > > Francisco, Sean > > > > Those are both really great to hear+. Especially the redirects feature > > of the manifest file is really useful. I have several flow diagrams in a > > notepad on my desk, all of them are scribbled out, and have big question > > marks between the app and the server after the redirect. This simplifies > > things a lot, thanks. > > > > I still need to figure out what the redirect url for BuddyUp will be, > > I'll let you know when I've figured that out, and then we can set up a > > client_id, etc. Does that sound good? > > > > We can certainly accommodate non-http redirect URLs. We already do with Loop, > but I need to look into what Francisco references to make sure we can > support your use case properly. Michael, what redirect URL would you like > for the BuddyUP app? > > -chris > > > > > > -M > > > > ----- Original Message ----- > >> From: "Francisco Jordano" <[email protected]> > >> To: "Sean McArthur" <[email protected]> > >> Cc: "Michael Cooper" <[email protected]>, [email protected], > >> [email protected], "Support Engineering" > >> <[email protected]> > >> Sent: Thursday, November 6, 2014 5:00:09 AM > >> Subject: Re: Firefox Accounts, SUMO, and BuddyUp > >> > >> Hi all, > >> > >> unfortunately there is no much documentation how a package app works with > >> OAuth, but it does :) > >> > >> The key is on the manifest, we have a special field call 'redirects', > >> which > >> will make gecko to redirect any url to a local file, an example of this: > >> > >> https://github.com/arcturus/firefoxos-contacts-importer/blob/master/importer/manifest.webapp#L24-L27 > >> > >> "redirects": [ > >> {"from": "http://postmessageitor.eu01.aws.af.cm/";, > >> "to": "/redirect.html"} > >> ] > >> > >> Basically the url register in the OAuth service for the callback action > >> (redirect_uri) was 'http://postmessageitor.eu01.aws.af.cm/', gecko will > >> redirect the request (with all headers, and parameters) to the local file > >> '/redirect.html', and from them follow the process commented by Sean. > >> > >> Cheers, > >> F. > >> > >> > >> ----- Original Message ----- > >> From: "Sean McArthur" <[email protected]> > >> To: "Michael Cooper" <[email protected]> > >> Cc: [email protected], [email protected], "Support Engineering" > >> <[email protected]> > >> Sent: Thursday, November 6, 2014 2:51:18 AM > >> Subject: Re: Firefox Accounts, SUMO, and BuddyUp > >> > >> I don't have much understanding on how packaged apps and app URIs work, > >> but I > >> know the OAuth side :) > >> > >> You could try this: register a client for BuddyUp, with the redirect_uri > >> pointing at (assuming Firefox OS supports this) `buddy-up://oauth/return`. > >> You'll receive the query parameters `code` and `state`. You could then > >> either, a) finish the dance by POSTing the code and client_secret straight > >> to the OAuth server from the device, or b) POST the code to the sumo > >> server, > >> and allow it to fetch the token, store it in the db, and return it to the > >> packaged app. > >> > >> a) has the downside of needing the secret to be packaged into the app, > >> which > >> is probably a no-go. > >> > >> On Wed, Nov 5, 2014 at 5:17 PM, Michael Cooper < [email protected] > > >> wrote: > >> > >> > >> I was reading the docs for Firefox Accounts [0]. They say that to become a > >> relying service, we need to email to get a client ID and secret to use > >> Firefox > >> Account's OAuth2 provider. > >> > >> BuddyUp is an app that consumes SUMO APIs to provide a platform for users > >> to > >> ask and answer questions. Simply put, it's a Q/A app. We hope to have it > >> installed by default in the future, and it will be a packaged app. > >> > >> I have a few questions about the OAuth process. Would it be possible to > >> make > >> the redirect URI a link into an app? It would be preferable if the app > >> could > >> get the OAuth callback directly, instead of SUMO having to some how > >> relaunch > >> the app. > >> > >> If that isn't possible, do you have any advice for using the OAuth flow > >> from > >> inside an app? I suppose it would also be possible to use the native > >> BrowserID > >> inspired APIs, but I understand that the OAuth2 flow is the preferred way > >> going > >> forward. > >> > >> Thanks, > >> --Mike Cooper > >> > >> [0]: https://developer.mozilla.org/en-US/Firefox_Accounts#Firefox_OS > >> _______________________________________________ > >> Dev-fxacct mailing list > >> [email protected] > >> https://mail.mozilla.org/listinfo/dev-fxacct > >> > >> > >> _______________________________________________ > >> Buddyup mailing list > >> [email protected] > >> https://mail.mozilla.org/listinfo/buddyup > >> > > _______________________________________________ > > Dev-fxacct mailing list > > [email protected] > > https://mail.mozilla.org/listinfo/dev-fxacct > > _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
