Collaborative help request for oAuth2 access to DocuSign

KOOB mkoob at rogers.com
Sun Jun 13 07:59:05 EDT 2021


Hi again

The following link shows the oAuth2 code flow.

https://auth0.com/docs/flows/authorization-code-flow

The issue is in steps 5 - 10 where information is sent between Web app and the Auth0 Authorization Server ‘Auth0 tennant’. 

As I understand it that exchange can’t occur between a desktop app and the Auth0 Authorization Server.

“Your app must be server-side because during this exchange, you must also pass along your application's Client Secret, which must always be kept secure, and you will have to store it in your client”

So the solution as I see it is have your own web App inserted into that process to communicate with the Auth0 Authorization Server.  Your Desktop app would then use your Web App to gain access to the API of the LMS or what ever service.

Again this understanding may be wrong.  Let me know if I have this wrong.

Martin


Sent from my iPad

> On Jun 13, 2021, at 7:27 AM, KOOB <mkoob at rogers.com> wrote:
> 
> Hi
> 
> I tried to get a desktop App to sign into an LMS using LTI last summer and came up on a roadblock.  The issue is that as I remember (and this is a fuzzy memory) is that with oAuth2 you send the credentials and at the end of the process the site sends a callback with the token you need to access the pages on the site but it has to be sent via https.  
> 
> The problem with a desktop app is you cannot set it up as a server with a certificate for the https connection to wait for and receive the callback with the token.  So you get the result you see in the video in the previous message. The Browser widget can get the login page and submit the credentials but it doesn’t get the callback so the login process stalls right there.
> 
> The only way I thought it could be done is set up a web site that you supply as the callback address that you would send the oAuth2 request to.  It would then connect to the LMS.  The LMS would send the callback with the token to your server and then your server would send the token back to the desktop app to be used for subsequent calls to the LMS.
> 
> *WARNING: this is from my fuzzy memory and I may be misunderstanding the oAuth2 process.  Please correct me if I have any of this wrong.
> 
> BTW I would be interested in a collaborative project to create a LiveCode+LiveCode Server solution to this.   I have notes somewhere on what I did with the prototype stack if anyone is interested.  I did not get to the step of trying the server solution above, that was to be the next step if I had continued with that line of experimentation.   I pivoted over to using xAPI to communicate with a Learning Record Store (LRS) by joining the xAPI Cohort and working with the team #xapi-in-livecode which Brian Duck set up and leads. That was much more successful. No oAuth2 required.  Just post statements to the LRS endpoint.  To get the ultimate features I want  I still think I need to get a desktop App to connect with an LMS so that means cracking the oAuth2 from a desktop app nut.
> 
> Martin Koob
> 
> (Fuzzy logic is good, Fuzzy memory is bad.)
> 
> Sent from my iPad
> 
>> On Jun 11, 2021, at 7:55 PM, matthias rebbe via use-livecode <use-livecode at lists.runrev.com> wrote:
>> Sean,
>> 
>> could you please try and remove the tParamsA parameter in your oAuth2 call?
>> 
>> I noticed that the oauth2 library itself places the  "?response_type=code" parameter to the url. So with the tParamsA parameter it was twice in the URL.
>> 
>> I removed the tParamsA parameter in your call and was at least able to login and the browser windows closed. I  did not test further as it is a little late here.
>> 
>> 
>> See also a screen recording here https://livecode.dermattes.de/sean.mp4
>> 
>> Regards,
>> 
>> Matthias
>> 
>> 
>> 
>> 
>> 
>>>> Am 11.06.2021 um 20:49 schrieb Sean Cole (Pi) via use-livecode <use-livecode at lists.runrev.com>:
>>> 
>>> Thanks Colin and Andrew.
>>> 
>>> I'll see if I can track down Monte. I know he's a busy man. But there must
>>> be a simple explanation of why they don't seem to work. oAuth should be
>>> pretty simple. I have done my own using a browser widget but it's a bit
>>> clunky for the customer. The oAuth seems to be a nicer option for coding
>>> and navigating if we can get it working.
>>> 
>>> All the best
>>> 
>>> Sean
>>> 
>>> 
>>> On Fri, 11 Jun 2021 at 17:20, Colin Kelly via use-livecode <
>>> use-livecode at lists.runrev.com> wrote:
>>> 
>>>> Same here, I couldn’t get oAuth working for Intelligent Office in LC but
>>>> using the same credentials it worked ok through Postman…
>>>> --
>>>> Colin Kelly
>>>> M 07951 920680<tel:07951920680>
>>>> From: use-livecode <use-livecode-bounces at lists.runrev.com> on behalf of
>>>> Andrew at MidWest Coast Media via use-livecode <
>>>> use-livecode at lists.runrev.com>
>>>> Reply to: How to use LiveCode <use-livecode at lists.runrev.com>
>>>> Date: Friday, 11 June 2021 at 17:13
>>>> To: "use-livecode at lists.runrev.com" <use-livecode at lists.runrev.com>
>>>> Cc: Andrew at MidWest Coast Media <andrew at midwestcoastmedia.com>
>>>> Subject: Re: Collaborative help request for oAuth2 access to DocuSign
>>>> I was never able to get oAuth working for Canvas LMS even though the same
>>>> workflow worked on Postman.
>>>> —Andrew Bell
>>>> Subject: Re: Collaborative help request for oAuth2 access to DocuSign
>>>> I?ve still not been able to make any headway with getting oAuth to work
>>>> for DocuSign. Anyone have any ideas?
>>>> Sean
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com<mailto:use-livecode at lists.runrev.com>
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode



More information about the use-livecode mailing list