OAuth on iOS


Ed Arenberg

Dec 29, 2020, 9:59:11 AM
to DrChrono API Developers
Hello DrChrono,

I'm repeating a post from over 3 years ago.  I'm experiencing the same issue.

Is there any way we can get non-http/https schemas working for redirect URIs? Native iOS mobile apps using OAuth pretty much require you to use custom schemes like myapp:// to grab the callback and parse the OAuth code natively. Every time I try using something other than an http: or https: address, I get a Bad Request (400), which tells me you are doing something on your end to prevent this redirect. Other EHRs allow custom schemes, making integration much easier.

Thanks,
Ed

MXC

Jan 5, 2021, 5:25:23 PM
to DrChrono API Developers
Yes, this is pretty broken. You can get around it by using an OAuth framework that supports intercepting redirects. For instance, https://github.com/p2/OAuth2 supports this by setting it to the legacy methods, e.g.

        auth.authConfig.authorizeEmbedded = true
        auth.authConfig.ui.useSafariView = false
        auth.clientConfig.secretInBody = true

works for me. You can set your redirect_uri to whatever you want in this setting, since the framework will just wait for any redirect and glean the code off the URL.
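
As an added example, not part of the original thread and not code from the OAuth2 framework: when an app reads the authorization code from an intercepted redirect as described above, a check like the following confirms the URL is the registered redirect_uri and that `state` matches before the code is used. The function name, error type and sample URLs are assumptions constructed for illustration.

```swift
import Foundation

// Added example; all names and sample URLs here are hypothetical and constructed.
enum CallbackError: Error {
    case notOurRedirect          // URL does not match the registered redirect_uri
    case duplicateParameter      // a repeated parameter could shadow the real one
    case stateMismatch           // response does not belong to this login attempt
    case providerError(String)   // server answered with ?error=...
    case missingCode
}

/// Returns the authorization code only if `url` is the expected redirect for this attempt.
func parseCallback(_ url: URL, registeredRedirect: URL, expectedState: String) throws -> String {
    guard let got = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let want = URLComponents(url: registeredRedirect, resolvingAgainstBaseURL: false),
          got.scheme?.lowercased() == want.scheme?.lowercased(),
          got.host?.lowercased() == want.host?.lowercased(),
          got.port == want.port,
          got.path == want.path
    else { throw CallbackError.notOurRedirect }

    // Collect query parameters, refusing duplicates.
    var params: [String: String] = [:]
    for item in got.queryItems ?? [] {
        guard params[item.name] == nil else { throw CallbackError.duplicateParameter }
        params[item.name] = item.value ?? ""
    }
    guard let state = params["state"], state == expectedState else { throw CallbackError.stateMismatch }
    if let err = params["error"] { throw CallbackError.providerError(err) }
    guard let code = params["code"], !code.isEmpty else { throw CallbackError.missingCode }
    return code
}

// Constructed sample inputs: one valid callback and three that must be rejected.
let redirect = URL(string: "https://app.example.com/oauth/callback")!
let state = "constructed-state-123"
let samples = [
    "https://app.example.com/oauth/callback?code=abc123&state=constructed-state-123",
    "https://app.example.com/oauth/callback?code=abc123&state=other",
    "https://other.example.net/oauth/callback?code=abc123&state=constructed-state-123",
    "https://app.example.com/oauth/callback?error=access_denied&state=constructed-state-123",
]
for s in samples {
    do {
        let code = try parseCallback(URL(string: s)!, registeredRedirect: redirect, expectedState: state)
        print("accepted, code =", code)
    } catch { print("rejected:", error) }
}
```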

Ed Arenberg

Jan 6, 2021, 9:37:25 AM
to DrChrono API Developers
I tried OAuth2 early on, but couldn't get it to work. It was about 2 weeks ago, so I don't recall the specifics, but the issue was that the DrChrono site failed, giving the Bad Request message.  I'm using a hack workaround for now that I'd like to get rid of.  I tried MANY ways to get it to work, including running a web server in the app, and other OAuth libs as well.  I did get it working with Postman, but that uses an http callback.

My app is to be used by patients.  Is there a way to generate a login for patients so they can access information?  Specifically, I want to be able to upload documents to their account.

If not, what I need is essentially server-to-server auth with no user interface, so I can proxy a doctor login for uploading a document for the patient.
