Oauth2 (Dropbox) on iOS
merakosp at gmail.com
Wed Jul 25 16:21:29 CEST 2018
BTW if you want to add a whitelist for ATS in the plist, here are some more
details on which keys/values you need and how to add them:
On Wed, Jul 25, 2018 at 3:16 PM, panagiotis merakos <merakosp at gmail.com>
> Hi Ben,
> The "App URL Query Whitelist" field is for specifying a list of custom
> url schemes that the standalone can launch (using the "launch URL
> custom_url_scheme" command) on iOS 9+.
> See bug https://quality.livecode.com/show_bug.cgi?id=18687 for more
> On Wed, Jul 25, 2018 at 2:56 PM, Ben Rubinstein via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>> Aha! Thanks Sean, that was a good tip: I now understand the problem.
>> On simulator, my cut-down test app worked fine.
>> On device, console shows:
>>> App Transport Security has blocked a cleartext HTTP (http://) resource
>>> load since it is insecure. Temporary exceptions can be configured via your
>>> app's Info.plist file.
>> The Oauth2 library requires the redirect URL to be of the form
>> `http://127.0.0.1:port` - you pass the port number to the library, it
>> assumes the `http://127.0.0.1`.
>> The Dropbox app setup allows you to specify an HTTP redirect (but only
>> for localhost redirect URLs). So this is all good - except it appears that
>> iOS is not so happy! Not sure why an http connection to localhost should be
>> insecure, but there you go. (Or indeed why ATS doesn't kick in on the
>> I've posted a report in the QCC (#21442) to extend Oauth2 command to in
>> some way allow the redirect URL to be HTTPs.
>> In the meantime, I resigned myself to doing a custom info.plist, but
>> found something that I'd not spotted before in the iOS Standalone Spp
>> Settings: "App URL Query Whitelist" - which I thought might be exactly what
>> I needed. Although I couldn't find any documentation for it.
>> I still don't know what it does - but it doesn't do this! Does anyone
>> know what it does do?
>> There is also a checkbox "Disable ATS" - checking this displays a dire
>> warning, doubtless correctly; but does indeed provide an easier way to
>> solve the problem, at least for development. What it would do to your
>> chances of getting an app into the App Store is another question.
>> I've also added a report in the QC (#21444) - I thought I'd done this
>> before, but maybe I just whinged on the mailing lists - for the Standalone
>> Builder to support generic additions to the info.plist rather than
>> requiring a completely separate one for anything unsupported.
>> On 24/07/2018 22:22, Pi Digital via use-livecode wrote:
>>> Open a console with either the device connected or the simulator and see
>>> what calls are made when the allow button is pressed
>>> On 24 Jul 2018, at 19:20, Ben Rubinstein via use-livecode <
>>>> use-livecode at lists.runrev.com> wrote:
>>>> I feel I've been through this before, but I've not been on it for a
>>>> while, and I'm still (again) stuck.
>>>> Using Oauth2 to connect an app to the Dropbox API works fine on desktop.
>>>> On iOS, I get the overlay; with the Dropbox log-in; I sign in, and it
>>>> then shows the message that this app would like access to the files in
>>>> Dropbox, with buttons (from Dropbox) Cancel or Allow (and a link "Learn
>>>> However, neither the Cancel nor Allow buttons do anything. Fortunately
>>>> there is now an LC 'cancel' button at the bottom of the overlay (thanks
>>>> Monte! https://github.com/livecode/livecode/pull/6315).
>>>> But something's not happening which should (I assume) happen when the
>>>> user touches "Allow". (There is a tiny bit of visible feedback.)
>>>> I know on a previous occasion I solved my issue with inclusions, but I
>>>> don't think that's the problem this time. I have (manual inclusions) the
>>>> Browser widget, the JSON and Oauth2 libraries, and the internet library.
>>>> The call to Oauth2 is wrapped in a try block, and I'm not seeing a catch
>>>> (can't be sure that I would, but when I use the new emergency cancel, my
>>>> script just reports "Not authorised" where if I drop the Oauth2 library, I
>>>> get a dialog reporting the catch).
>>>> What am I missing? Is anyone else able to succesfully connect to
>>>> Dropbox using the Oauth2 library on LC 9.0.0, iOS 9.3 (or any similar
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
More information about the use-livecode