Oauth2 (Dropbox) on iOS

Ben Rubinstein benr_mc at cogapp.com
Wed Jul 25 09:56:30 EDT 2018


Aha! Thanks Sean, that was a good tip: I now understand the problem.

On simulator, my cut-down test app worked fine.

On device, console shows:
> App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

The Oauth2 library requires the redirect URL to be of the form 
`http://127.0.0.1:port` - you pass the port number to the library, it assumes 
the `http://127.0.0.1`.

The Dropbox app setup allows you to specify an HTTP redirect (but only for 
localhost redirect URLs). So this is all good - except it appears that iOS is 
not so happy! Not sure why an http connection to localhost should be insecure, 
but there you go. (Or indeed why ATS doesn't kick in on the simulator?)

I've posted a report in the QCC (#21442) to extend Oauth2 command to in some 
way allow the redirect URL to be HTTPS.

In the meantime, I resigned myself to doing a custom info.plist, but found 
something that I'd not spotted before in the iOS Standalone App Settings: "App 
URL Query Whitelist" - which I thought might be exactly what I needed. 
Although I couldn't find any documentation for it.

I still don't know what it does - but it doesn't do this! Does anyone know 
what it does do?

There is also a checkbox "Disable ATS" - checking this displays a dire 
warning, doubtless correctly; but does indeed provide an easier way to solve 
the problem, at least for development. What it would do to your chances of 
getting an app into the App Store is another question.

I've also added a report in the QC (#21444) - I thought I'd done this before, 
but maybe I just whinged on the mailing lists - for the Standalone Builder to 
support generic additions to the info.plist rather than requiring a completely 
separate one for anything unsupported.

Ben

On 24/07/2018 22:22, Pi Digital via use-livecode wrote:
> Open a console with either the device connected or the simulator and see what calls are made when the allow button is pressed
> 
> 
>> On 24 Jul 2018, at 19:20, Ben Rubinstein via use-livecode <use-livecode at lists.runrev.com> wrote:
>>
>> I feel I've been through this before, but I've not been on it for a while, and I'm still (again) stuck.
>>
>> Using Oauth2 to connect an app to the Dropbox API works fine on desktop.
>>
>> On iOS, I get the overlay; with the Dropbox log-in; I sign in, and it then shows the message that this app would like access to the files in Dropbox, with buttons (from Dropbox) Cancel or Allow (and a link "Learn more").
>>
>> However, neither the Cancel nor Allow buttons do anything. Fortunately there is now an LC 'cancel' button at the bottom of the overlay (thanks Monte! https://github.com/livecode/livecode/pull/6315).
>>
>> But something's not happening which should (I assume) happen when the user touches "Allow". (There is a tiny bit of visible feedback.)
>>
>> I know on a previous occasion I solved my issue with inclusions, but I don't think that's the problem this time. I have (manual inclusions) the Browser widget, the JSON and Oauth2 libraries, and the internet library. The call to Oauth2 is wrapped in a try block, and I'm not seeing a catch (can't be sure that I would, but when I use the new emergency cancel, my script just reports "Not authorised" where if I drop the Oauth2 library, I get a dialog reporting the catch).
>>
>> What am I missing? Is anyone else able to successfully connect to Dropbox using the Oauth2 library on LC 9.0.0, iOS 9.3 (or any similar environments)?
>>
>> TIA,
>>
>> Ben
>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> 
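
Added example, not part of the original post or of LiveCode: a small Python check that reads a custom Info.plist and reports whether App Transport Security has been switched off globally (what the "Disable ATS" checkbox is described as doing) or only relaxed for local addresses. The keys are Apple's ATS keys; `NSAllowsLocalNetworking` is honoured from iOS 10, so it does not help an iOS 9.3 target. The sample plists, the function name `audit_ats` and the severity labels are constructed for illustration.

```python
import plistlib

# Constructed sample: ATS disabled for every connection the app makes.
SAMPLE_DISABLED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict></plist>"""

# Constructed sample: ATS stays on, cleartext allowed only to local addresses.
SAMPLE_LOCAL = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsLocalNetworking</key><true/></dict>
</dict></plist>"""

# Constructed sample: no ATS dictionary at all, so the defaults apply.
SAMPLE_DEFAULT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>Example</string>
</dict></plist>"""


def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS settings in an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    arbitrary = bool(ats.get("NSAllowsArbitraryLoads", False))
    local = bool(ats.get("NSAllowsLocalNetworking", False))
    findings = []
    if arbitrary and local:
        # iOS 10+ ignores NSAllowsArbitraryLoads when this narrower key is present.
        findings.append(("medium", "ATS off on iOS 9, local-only exception on iOS 10+"))
    elif arbitrary:
        findings.append(("high", "ATS disabled for all connections"))
    elif local:
        findings.append(("info", "cleartext allowed for local addresses only"))
    # Per-domain exceptions that permit plain HTTP to a named host.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads", False):
            findings.append(("medium", "cleartext HTTP allowed for " + domain))
    return findings or [("ok", "ATS defaults in effect")]


if __name__ == "__main__":
    for name in ("SAMPLE_DISABLED", "SAMPLE_LOCAL", "SAMPLE_DEFAULT"):
        print(name, audit_ats(globals()[name]))
```
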



