Oauth2 (Dropbox) on iOS
Ben Rubinstein
benr_mc at cogapp.com
Wed Jul 25 10:54:03 EDT 2018
Hi Panos,
Thanks for looking this up for me.
I've been trying with some variations of this - so far without success!
QC #21444 would also help!
best regards,
Ben
On 25/07/2018 15:21, panagiotis merakos wrote:
> BTW if you want to add a whitelist for ATS in the plist, here are some more
> details on which keys/values you need and how to add them:
>
> http://forums.livecode.com/viewtopic.php?f=49&t=28294
>
> Best,
> Panos
> --
>
> On Wed, Jul 25, 2018 at 3:16 PM, panagiotis merakos <merakosp at gmail.com
> <mailto:merakosp at gmail.com>> wrote:
>
> Hi Ben,
>
> The "App URL Query Whitelist" field is for specifying a list of custom url
> schemes that the standalone can launch (using the "launch URL
> custom_url_scheme" command) on iOS 9+.
>
> See bug https://quality.livecode.com/show_bug.cgi?id=18687
> <https://quality.livecode.com/show_bug.cgi?id=18687> for more details.
>
> Best,
> Panos
> --
>
> On Wed, Jul 25, 2018 at 2:56 PM, Ben Rubinstein via use-livecode
> <use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>> wrote:
>
> Aha! Thanks Sean, that was a good tip: I now understand the problem.
>
> On simulator, my cut-down test app worked fine.
>
> On device, console shows:
>
> App Transport Security has blocked a cleartext HTTP (http://)
> resource load since it is insecure. Temporary exceptions can be
> configured via your app's Info.plist file.
>
>
> The Oauth2 library requires the redirect URL to be of the form
> `http://127.0.0.1:port` - you pass the port number to the library, it
> assumes the `http://127.0.0.1`.
>
> The Dropbox app setup allows you to specify an HTTP redirect (but only
> for localhost redirect URLs). So this is all good - except it appears
> that iOS is not so happy! Not sure why an http connection to localhost
> should be insecure, but there you go. (Or indeed why ATS doesn't kick
> in on the simulator?)
>
> I've posted a report in the QCC (#21442) to extend Oauth2 command to
> in some way allow the redirect URL to be HTTPs.
>
> In the meantime, I resigned myself to doing a custom info.plist, but
> found something that I'd not spotted before in the iOS Standalone Spp
> Settings: "App URL Query Whitelist" - which I thought might be exactly
> what I needed. Although I couldn't find any documentation for it.
>
> I still don't know what it does - but it doesn't do this! Does anyone
> know what it does do?
>
> There is also a checkbox "Disable ATS" - checking this displays a dire
> warning, doubtless correctly; but does indeed provide an easier way to
> solve the problem, at least for development. What it would do to your
> chances of getting an app into the App Store is another question.
>
> I've also added a report in the QC (#21444) - I thought I'd done this
> before, but maybe I just whinged on the mailing lists - for the
> Standalone Builder to support generic additions to the info.plist
> rather than requiring a completely separate one for anything unsupported.
>
> Ben
>
>
> On 24/07/2018 22:22, Pi Digital via use-livecode wrote:
>
> Open a console with either the device connected or the simulator
> and see what calls are made when the allow button is pressed
>
>
> On 24 Jul 2018, at 19:20, Ben Rubinstein via use-livecode
> <use-livecode at lists.runrev.com
> <mailto:use-livecode at lists.runrev.com>> wrote:
>
> I feel I've been through this before, but I've not been on it
> for a while, and I'm still (again) stuck.
>
> Using Oauth2 to connect an app to the Dropbox API works fine
> on desktop.
>
> On iOS, I get the overlay; with the Dropbox log-in; I sign in,
> and it then shows the message that this app would like access
> to the files in Dropbox, with buttons (from Dropbox) Cancel or
> Allow (and a link "Learn more").
>
> However, neither the Cancel nor Allow buttons do anything.
> Fortunately there is now an LC 'cancel' button at the bottom
> of the overlay (thanks Monte!
> https://github.com/livecode/livecode/pull/6315
> <https://github.com/livecode/livecode/pull/6315>).
>
> But something's not happening which should (I assume) happen
> when the user touches "Allow". (There is a tiny bit of visible
> feedback.)
>
> I know on a previous occasion I solved my issue with
> inclusions, but I don't think that's the problem this time. I
> have (manual inclusions) the Browser widget, the JSON and
> Oauth2 libraries, and the internet library. The call to Oauth2
> is wrapped in a try block, and I'm not seeing a catch (can't
> be sure that I would, but when I use the new emergency cancel,
> my script just reports "Not authorised" where if I drop the
> Oauth2 library, I get a dialog reporting the catch).
>
> What am I missing? Is anyone else able to succesfully connect
> to Dropbox using the Oauth2 library on LC 9.0.0, iOS 9.3 (or
> any similar environments)?
>
> TIA,
>
> Ben
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> <mailto:use-livecode at lists.runrev.com>
> Please visit this url to subscribe, unsubscribe and manage
> your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
> <http://lists.runrev.com/mailman/listinfo/use-livecode>
>
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
> <http://lists.runrev.com/mailman/listinfo/use-livecode>
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
> <http://lists.runrev.com/mailman/listinfo/use-livecode>
>
>
>
More information about the use-livecode
mailing list