All geek questions in one place

OAuth Mobile Callback Procedure

I am developing a Netflix app for BlackBerry mobile devices. I am currently working on OAuth. I am at a point where I can create a Netflix login page in the built-in browser field in my application.

After the user logs in, Netflix will send the user from the login page to the specified callback URL. The callback URL will also contain an authorized token, which is then required to send back to Netflix.

My question is: how should I do this on a mobile device? Is the procedure established? I do not know how I can extract the authorized token from the callback URL and send it back to my application. It’s not clear from my research that Netflix will provide a PIN / verifier so that the user can enter it into the application ...

Does anyone have any ideas?

Thanks...

+4
source share
3 answers

Instead of embedding a browser, you might be better off creating a seamless (browser-free) user interface by simply letting the mobile application do all the necessary handshakes using netflix. You will need to configure the public domain server as your callback server for OAuth, and you have negotiations with your new session key / secret key and transfer it back to your device. At the same time, the device will need to maintain an open http connection with your public server in order to finally obtain credentials and continue to request user data directly from netflix. There should be no more than 15 seconds throughout the tour, so HTTP timeouts should not be a problem. You need to first examine (for example, "screen capture") the html login netflix page to extract the necessary / corresponding html form parameter names, etc. Good luck.

+2
source

There are two ways to solve callbacks on mobile devices. The first is to set the oauth_callback value to "oob". This is done if your device cannot receive callbacks. See OAuth Specification, Section 2.1:

Temporary Credentials

Using "oob" should force the server (Netflix) to display a verification code, which the user then enters into your application to authorize the request token.

The second way, if your device supports it, is to use a custom URI scheme. I know that on iPhones you can register a callback using the special scheme assigned to your application. Is there any way to do this on a BlackBerry? If so, I would use this approach, since it is much better used.

+4
source

Source: https://habr.com/ru/post/1299171/

More articles:


All Articles