Ionic WKWebView CORS Issue on /oauth/authorize

[Corey Roth]

I am in the process of converting my apps to use WKWebView in Ionic 3.7.  However, I am running into an issue when calling /oauth/authorize to get my access token.

Back when we used UIWebView it worked fine, but since WKWebView runs on an address of http://localhost:8080, I am seeing a CORS error.  

Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.

It seems like only the authorize endpoint is seeing this, my other API calls work fine.  I guess my question is, does the authorize endpoint use the callback URL to validate the origin, or is there something else?  Can http://localhost:8080 be whitelisted on the Untappd end?

As a work-around, I can always write a proxy on my back-end (and I probably should) to make the request for me, but if I could get my existing code working that would be nice.

Any ideas would be appreciated.

Thanks,

Corey Roth

[Corey Roth]

Ok so I verified that changing the callback URL has no effect on this.

[Greg Avola]

Corey,

Not sure I follow, how are you redirecting to an app via the Oauth call? 

Greg

--
You received this message because you are subscribed to the Google Groups "Untappd API Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-developer-group+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

--

Greg Avola

Co-Founder / CTO

Untappd

gr...@untappd.com

[Corey Roth]

Hi Greg,

So I do the redirect to the authenticate endpoin using InAppBrowser and the user logs in through the Untappd login prompt as normal.  I successfully get the code back from Untappd which I then make a call to the Authorize endpoint.  With UIWebView it works, with WKWebView, it fails with a CORS error.  It's only this endpoint that fails, other endpoints like beer search work fine (assuming I already have a valid access token). This approach has been working for the last year up until I switched webviews.

Here's a brief snippet.

getAccessToken(code, redirectUrl): Promise<string> {

return new Promise<string>((resolve, reject) => {

var accessTokenUrl = 'https://untappd.com/oauth/authorize/?' + this.getAuthQueryString() +

'&response_type=code&redirect_url=' + redirectUrl + '&code=' + code;

return this.http.get(accessTokenUrl).map(res => res.json())

.subscribe(data => {

this.accessToken = data.response.access_token;

resolve(this.accessToken);

},

error => {

reject(error);

});

});

}

Thanks again for looking at this.

Corey Roth

[Greg Avola]

Hey there!

Ok - totally get the issue know (we are an Ionic app as well, so make sense). Sadly there are some CORS issue here with WKWebview, and we can't open CORS on our untappd.com side for this call very easily. As an alternative, you can use a server on our own end to proxy the call on your behalf?

Thanks,

Greg

To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-developer-group+unsubs...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

--

Greg Avola

Co-Founder / CTO

Untappd

gr...@untappd.com

--
You received this message because you are subscribed to the Google Groups "Untappd API Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-developer-group+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Greg Avola]

You can also use the client side auth here: https://untappd.com/api/docs#authentication

Greg

[Corey Roth]

Thanks.  I figured changing the allowed endpoints on your end might pose a challenge, but I figured I would check.  

I'll create a proxy in my backend layer and get the access token that way.

Thanks,

Corey

To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-developer-group+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

--

Greg Avola

Co-Founder / CTO

Untappd

gr...@untappd.com

--
You received this message because you are subscribed to the Google Groups "Untappd API Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-developer-group+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.