Configuration Redirect URI & OAuth

Ryan Huff

Mar 20, 2011, 2:45:56 AM
to Raplet developer discussion list
Hi there. I'm working on a raplet that will need to kick off an OAuth
process with an external service.

Rapportive adds their own client_id and redirect_uri params to the
config URL passed in, so my config URL is essentially a proxy that
directs immediately to the actual OAuth page, passing in the actual
client_id, etc that the service requires.

Once I go through that process, I need to pass the access token, and
other things, back to Rapportive via the redirect URI that was passed
to my config_url originally. However, this process is asynchronous,
and once I redirect over to the OAuth service and it comes back, I
don't have any way to figure out what that redirect_uri was for that
initial request...

So my question is this: is the redirect_uri unique for each request
and must therefore be tied to that user -- or will it be constant
across requests? Can I simply store that value and use it for all
requests in the future?

The only way I can think of tying it to the user in a way that I can
retrieve that specific value later is to set the value in a cookie
before I redirect...

Any help?

Conrad Irwin

Mar 20, 2011, 3:33:23 AM
to raple...@googlegroups.com, Ryan Huff
Hi Ryan,

The redirect_uri is different for every installation of a raplet by a
user — this is an important part of keeping the protocol secure!
(Without it you would be able to get a user to install a raplet, by
just sending their browser to the magic URL)

All the OAuth services I've written integrations with before have
allowed me to pass a custom callback URL to each request — it gets a
bit convoluted, but you can normally ask the external service to use a
callback URL that itself has a redirect_uri parameter. For example:

We send the user to:

https://ryan-huff.example.org/raplet?redirect_uri=https://rapportive.com/raplets/blah-di

Then you redirect to:

https://uber-oauth.example.org/oauth?oauth_callback=https://ryan-huff.example.org/callback%3Fredirect_uri%3Dhttps://rapportive.com/raplets/blah--di

And the external oauth redirects back to:

https://ryan-huff.example.org/callback?redirect_uri=https://rapportive.com/raplets/blah-di

Then (finally!) you redirect back to:

https://rapportive.com/raplets/blah--di

Would that work for you?

Failing that, cookies do work (just about), but it's a bit ugly.

Conrad
Rapportive
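
Added example, not part of Conrad's message and not Rapportive's code: the four-step round trip above in Python, with the nested `redirect_uri` fully percent-encoded so it survives the trip through the OAuth provider. The function names and the `ALLOWED_REDIRECT_HOSTS` allowlist are assumptions of this sketch; the host check is added so the raplet endpoints only ever redirect to the expected site.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoints taken from the example URLs in the thread; the allowlist is an assumption.
RAPLET_CALLBACK = "https://ryan-huff.example.org/callback"
OAUTH_AUTHORIZE = "https://uber-oauth.example.org/oauth"
ALLOWED_REDIRECT_HOSTS = {"rapportive.com"}


def is_allowed_redirect(uri):
    """Accept only absolute https URLs on an expected host, with no userinfo part."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    return (parts.scheme == "https"
            and parts.hostname in ALLOWED_REDIRECT_HOSTS
            and parts.username is None
            and parts.password is None)


def checked_redirect_uri(request_url):
    """Pull redirect_uri out of an incoming request URL and validate it."""
    query = parse_qs(urlsplit(request_url).query)
    redirect_uri = query.get("redirect_uri", [""])[0]
    if not is_allowed_redirect(redirect_uri):
        raise ValueError("unexpected redirect_uri")
    return redirect_uri


def authorize_url(config_request_url):
    """Steps 1-2: nest redirect_uri inside our callback, then inside oauth_callback."""
    redirect_uri = checked_redirect_uri(config_request_url)
    # urlencode escapes ':', '/', '?', '=' so each nesting level stays one parameter.
    callback = RAPLET_CALLBACK + "?" + urlencode({"redirect_uri": redirect_uri})
    return OAUTH_AUTHORIZE + "?" + urlencode({"oauth_callback": callback})


def final_redirect(callback_request_url):
    """Steps 3-4: recover redirect_uri from the callback; re-check before redirecting."""
    return checked_redirect_uri(callback_request_url)
```

The value is checked on the way in and again on the way back because the callback URL is reachable directly by anyone, not only via the OAuth provider.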
