Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HowTo] OAuth #542

Closed
Anonyfox opened this issue Mar 14, 2013 · 5 comments
Closed

[HowTo] OAuth #542

Anonyfox opened this issue Mar 14, 2013 · 5 comments

Comments

@Anonyfox
Copy link

Basically i have no redirect-uri for OAuth, right? So what's the preferred way to connect with OAuth Services, like Facebook/Twitter API? I'm desperate right now how to achieve this "simple" login mechanism...

cross-asked this on the facebook-SO:

http://facebook.stackoverflow.com/questions/15419985/node-webkit-facebook-integration?noredirect=1#comment21806477_15419985

just in case anyone wants some points for a solution :)
@Anonyfox
Copy link
Author

My ideas so far:

  • open the OAuth link in a separate, new window. But then i'll have to capture the "url changes"-event, which shouldn't be possible afaik.
  • start a http-server within my app, register with something like http://lvh.me (localhost proxy) at facebook, and the redirect uri captures the access-token and triggers the appropiate action within my app.

I'll try the second option, since the first one didn't work for me (losing JS-context because of the redirects in OAuth). Feels kind of ugly, though.

@mmorrisontx
Copy link

Note: this idea is untested, but I do exploit the general principal in my own apps, so it should work.

You've almost got it with your first idea. Open the facebook oauth dialog in a full page iframe or another window, but keep note of the window's "window" variable, or the iframe's contentWindow. Use a redirect_uri of somewhere predictable, such as an empty landing page on your public website.

Because of the way node-webkit's permissions work, the page which opened the iframe / new window has FULL ACCESS to the child window's DOM. This means you can start an interval which checks the frame's URL every few seconds. When you notice the URL has changed to your "predictable site landing page," this means oauth has completed, and you can pull the oauth token out of the frame's URL.

Side note: this question would probably be more appropriate on the mailing list:
https://groups.google.com/group/node-webkit

@Anonyfox
Copy link
Author

Indeed, i can access the DOM of a child window! Too bad that the iframe-solution won't work, since Facebook set their x-window-stuff to DENY. This Issue may be closed now, since using a child window did the trick.

Just for me if someone knows it: is it possible to disable chromiums behaviour in the manifest file, so that it doesn't communicate "hey, im requesting from an iframe" to the url i want to access? :)

@juzerali
Copy link

Chromium does not communicate that its requesting from an iframe. Instead it gives shit to the header sent by facebook and consequently doesn't display the page although the request succeeds.

@rogerwang
Copy link
Member

@Anonyfox in 0.5.1 we support browsing in an iframe with 'nwfaketop' and 'nwdisable' attribute. Please see our wiki and #461 #534

@rogerwang rogerwang mentioned this issue Aug 22, 2013
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rogerwang @mmorrisontx @Anonyfox @juzerali