LiveCode server as OAuth2 client for APIs?

Ralf Bitter rabit at revigniter.com
Fri Dec 8 06:01:24 EST 2023 

Hi Keith,

to avoid creating too much noise here, let's continue
the conversation on the revIgniter mailing list. You'll find my
answer there.


Ralf



On 07.12.2023 18:01, Keith Clarke via use-livecode wrote:
> Hi Ralf,
> Thanks for the guidance and updated formHelper script - and apologies to folks not using LiveCode Server or RevIgniter - I now realise this should have been posted on the use RevIgniter list.
> 
> I’ve now got a basic button that submits a form data post to the Salesforce authorisation server. However, there are a couple of issues, which are probably due to me misreading the user guide (again!) and/or getting confused over what markup goes into controller and view files for RevIgniter.
> 
> I’m using a controller file to prepare and add to the gData[] array both the form contents and submit button, which are then accessed in the view file, using the following...
> 
> <?	put gData["formOpen"] & gData["submit"] into tForm
>    return tForm	
> ?>
> 
> In the controller file, I first used the recipe for ‘Adding Hidden Input Fields’ to create an array for the third ‘hidden’ parameter of the rigFormOpen() function. This worked as a POST but all the hidden fields are visible in the view file’s html. This is rather insecure for authentication, revealing consumer_id (and in future, client_secret, which I’ll need to add to increase security once basic access is proven).
> 
> So, I’m hoping the rigFormHidden(tData) recipe can keep the hidden content ‘LiveCode-side' until post submission and out of the HTML. So far the hidden values don’t seem to be getting into the POST, as I’m getting an unsupported request type (so the ‘response_type=code’ is not being received).
> 
> I’m sure I am taking the wrong approach, as well as incorrect syntax in my controller handler - as if I understand things correctly, the way I’ve got parameter three of the rigFormOpen() call pointing at gData[‘hidden’] would, if successful, render the hidden contents visible in the view file’s html...
> 
>    # Prepare Salesforce login form
>    
>      # Load form helper library
>      rigLoadHelper "form"
>    
>    # Prepare hidden parameter data array
>      put “XXsomeClientIdXX" into aHidden["client_id"]
>      put URLencode(“XXsomeRedirectURLXX") into aHidden["redirect_uri"]
>      put "code" into aHidden["response_type"]
>      put rigFormHidden(aHidden) into gData["hidden"]
>      
>      # Prepare form
>      put rigFormOpen(“XXauthoirisationServerURLXX", “", gData["hidden"]) into gData["formOpen"]
>      
>      # Prepare submit button
>      put "sfLoginBtn" into aData["name"]
>      put "sfLoginBtn" into aData["id"]
>      put "btn btn-primary" into aData["class"]
>      put "submit" into aData["type"]
>      put "Salesforce Login" into aData["value"]
>      
>      put rigSubmitButton(aData) into gData["submit"]
>    
>    # put "Topic1,Topic2,Topic3" into gData["ListItems"]
> 
>    get rigLoadView("homeMainView")
> 
> I’m probably making multiple newbie errors, but I’ve been unable to find any worked examples of RevIgniter controller and view file markup for form posting. So, I’d be obliged for any hints and tips.
> Best,
> Keith
> 
>> On 6 Dec 2023, at 17:53, Ralf Bitter via use-livecode <use-livecode at lists.runrev.com> wrote:
>>
>> Hi Keith,
>>
>> using revIgniter you can always hard code the opening
>> form tag, this way you can use any URL as an action
>> attribute.
>>
>> However, your message has prompted me to change the
>> rigFormOpen() function so that you can override the
>> current URL with the value of an optional action
>> attribute included in the second parameter.
>> So, if you like, you can download the modified
>> version of the form helper at:
>>
>> https://github.com/revig/revigniter/blob/develop/system/helpers/formHelper.livecodescript
>>
>>
>> Ralf
>>
>>
>>
>> On 06.12.2023 11:00, Keith Clarke via use-livecode wrote:
>>> Hi folks,
>>> Does anyone have experience of using OAuth2 with LiveCode server, to log into third-party data sources for API access?
>>>   I am experimenting with a web based utility app that runs on LiveCode server & RevIgniter and I need to be able to log into a Salesforce.com <http://salesforce.com/> account to pull data into the app via APIs. I’m following the Salesforce Oauth 2.0 Web Server Flow for Web App Integration https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_web_server_flow.htm&type=5 and
>>> I’ve configured the LiveCode app as a connected app in a Salesforce developer instance, to create a consumer id, with which I can request an authorisation code. This requires a POST to a Salesforce endpoint, which, if successful redirects to a page on the Salesforce authorisation server to provide login credentials. This is where I’m stuck...
>>> The LiveCode OAuth2 library seems to be desktop centric (expecting any redirects via the loopback IP address of 127.0.0.1, rather than a URL); the RevIgniter forms library seems to support posts to URLs within the LiveCode app but not third party URLs; and if I create a LiveCode file to ‘post data to URL tSalesforceAuthURL’ from within RevIgniter, I can’t see any option to follow redirects and so, unsurprisingly, the page URL doesn’t change.
>>> Any advice greatly appreciated.
>>> Best,
>>> Keith

More information about the use-livecode mailing list