Oauth2 (Dropbox) on iOS

Ben Rubinstein benr_mc at cogapp.com
Wed Jul 25 16:54:03 CEST 2018


Hi Panos,

Thanks for looking this up for me.

I've been trying with some variations of this - so far without success!

QC #21444 would also help!

best regards,

Ben

On 25/07/2018 15:21, panagiotis merakos wrote:
> BTW if you want to add a whitelist for ATS in the plist, here are some more 
> details on which keys/values you need and how to add them:
> 
> http://forums.livecode.com/viewtopic.php?f=49&t=28294
> 
> Best,
> Panos
> --
> 
> On Wed, Jul 25, 2018 at 3:16 PM, panagiotis merakos <merakosp at gmail.com 
> <mailto:merakosp at gmail.com>> wrote:
> 
>     Hi Ben,
> 
>     The "App URL Query Whitelist" field is for specifying a list of custom url
>     schemes that the standalone can launch (using the "launch URL
>     custom_url_scheme" command) on iOS 9+.
> 
>     See bug https://quality.livecode.com/show_bug.cgi?id=18687
>     <https://quality.livecode.com/show_bug.cgi?id=18687> for more details.
> 
>     Best,
>     Panos
>     --
> 
>     On Wed, Jul 25, 2018 at 2:56 PM, Ben Rubinstein via use-livecode
>     <use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>> wrote:
> 
>         Aha! Thanks Sean, that was a good tip: I now understand the problem.
> 
>         On simulator, my cut-down test app worked fine.
> 
>         On device, console shows:
> 
>             App Transport Security has blocked a cleartext HTTP (http://)
>             resource load since it is insecure. Temporary exceptions can be
>             configured via your app's Info.plist file.
> 
> 
>         The Oauth2 library requires the redirect URL to be of the form
>         `http://127.0.0.1:port` - you pass the port number to the library, it
>         assumes the `http://127.0.0.1`.
> 
>         The Dropbox app setup allows you to specify an HTTP redirect (but only
>         for localhost redirect URLs). So this is all good - except it appears
>         that iOS is not so happy! Not sure why an http connection to localhost
>         should be insecure, but there you go. (Or indeed why ATS doesn't kick
>         in on the simulator?)
> 
>         I've posted a report in the QCC (#21442) to extend Oauth2 command to
>         in some way allow the redirect URL to be HTTPs.
> 
>         In the meantime, I resigned myself to doing a custom info.plist, but
>         found something that I'd not spotted before in the iOS Standalone Spp
>         Settings: "App URL Query Whitelist" - which I thought might be exactly
>         what I needed. Although I couldn't find any documentation for it.
> 
>         I still don't know what it does - but it doesn't do this! Does anyone
>         know what it does do?
> 
>         There is also a checkbox "Disable ATS" - checking this displays a dire
>         warning, doubtless correctly; but does indeed provide an easier way to
>         solve the problem, at least for development. What it would do to your
>         chances of getting an app into the App Store is another question.
> 
>         I've also added a report in the QC (#21444) - I thought I'd done this
>         before, but maybe I just whinged on the mailing lists - for the
>         Standalone Builder to support generic additions to the info.plist
>         rather than requiring a completely separate one for anything unsupported.
> 
>         Ben
> 
> 
>         On 24/07/2018 22:22, Pi Digital via use-livecode wrote:
> 
>             Open a console with either the device connected or the simulator
>             and see what calls are made when the allow button is pressed
> 
> 
>                 On 24 Jul 2018, at 19:20, Ben Rubinstein via use-livecode
>                 <use-livecode at lists.runrev.com
>                 <mailto:use-livecode at lists.runrev.com>> wrote:
> 
>                 I feel I've been through this before, but I've not been on it
>                 for a while, and I'm still (again) stuck.
> 
>                 Using Oauth2 to connect an app to the Dropbox API works fine
>                 on desktop.
> 
>                 On iOS, I get the overlay; with the Dropbox log-in; I sign in,
>                 and it then shows the message that this app would like access
>                 to the files in Dropbox, with buttons (from Dropbox) Cancel or
>                 Allow (and a link "Learn more").
> 
>                 However, neither the Cancel nor Allow buttons do anything.
>                 Fortunately there is now an LC 'cancel' button at the bottom
>                 of the overlay (thanks Monte!
>                 https://github.com/livecode/livecode/pull/6315
>                 <https://github.com/livecode/livecode/pull/6315>).
> 
>                 But something's not happening which should (I assume) happen
>                 when the user touches "Allow". (There is a tiny bit of visible
>                 feedback.)
> 
>                 I know on a previous occasion I solved my issue with
>                 inclusions, but I don't think that's the problem this time. I
>                 have (manual inclusions) the Browser widget, the JSON and
>                 Oauth2 libraries, and the internet library. The call to Oauth2
>                 is wrapped in a try block, and I'm not seeing a catch (can't
>                 be sure that I would, but when I use the new emergency cancel,
>                 my script just reports "Not authorised" where if I drop the
>                 Oauth2 library, I get a dialog reporting the catch).
> 
>                 What am I missing? Is anyone else able to succesfully connect
>                 to Dropbox using the Oauth2 library on LC 9.0.0, iOS 9.3 (or
>                 any similar environments)?
> 
>                 TIA,
> 
>                 Ben
> 
> 
>                 _______________________________________________
>                 use-livecode mailing list
>                 use-livecode at lists.runrev.com
>                 <mailto:use-livecode at lists.runrev.com>
>                 Please visit this url to subscribe, unsubscribe and manage
>                 your subscription preferences:
>                 http://lists.runrev.com/mailman/listinfo/use-livecode
>                 <http://lists.runrev.com/mailman/listinfo/use-livecode>
> 
> 
> 
>             _______________________________________________
>             use-livecode mailing list
>             use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>
>             Please visit this url to subscribe, unsubscribe and manage your
>             subscription preferences:
>             http://lists.runrev.com/mailman/listinfo/use-livecode
>             <http://lists.runrev.com/mailman/listinfo/use-livecode>
> 
> 
>         _______________________________________________
>         use-livecode mailing list
>         use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>
>         Please visit this url to subscribe, unsubscribe and manage your
>         subscription preferences:
>         http://lists.runrev.com/mailman/listinfo/use-livecode
>         <http://lists.runrev.com/mailman/listinfo/use-livecode>
> 
> 
> 



More information about the use-livecode mailing list