OAuth2 broken in LC 10 (dp6)

Monte Goulding monte.goulding at livecode.com
Thu Sep 7 18:39:40 EDT 2023

Hi Ben

Launching the url in the default browser is by design as it is a required change to conform to RFC 8252. The notion being the user’s default browser is trusted not to record entered credentials while web views presented in apps don’t have that trust. There are notes on this breaking change in the release notes. 

Could you please create a bug report. It sounds like there’s some issue with the formation of the authorisation url or parameters we are attempting to launch in the browser. If you could include the parameters you are using in the report along with it that would be most helpful. Just change the client id and secret so it is different but conforms to the same pattern as you are using. If you can launch the url in your browser and copy the url the browser is trying to open that would be helpful but we can do that once we have the parameters.



> On 8 Sep 2023, at 7:02 am, Ben Rubinstein via use-livecode <use-livecode at lists.runrev.com> wrote:
> Am I doing something wrong, or is OAuth2 broken in LC 10? (Using dp6, but also true of dp5).
> When I call OAuth2, it attempts to open a link in my default browser, instead of in a sheet on the stack. This doesn't display anything.
> Same stack works fine in 9.6.10 and all earlier versions I've tried, opening a sheet which correctly allows me to authorise, logging in as necessary.
> This is on Mac, in the IDE, on macOS 12.6.7.
> I'm not sure if this something to do with https://quality.livecode.com/show_bug.cgi?id=23767.
> Can anyone confirm, before I bugzilla it?
> TIA,
> Ben
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list