research how to use typeform answer API with ktor client

[morisil]

establishing proper, transparent oauth2 support in ktor.

[hamoid]

ktor will request data from typeform. Authentication should happen once, the token stored to do multiple requests on typeform.

[hamoid]

Sould we use webhooks to call our platform?

I see that the webhook calls contain the form submission data. The data is protected by https, and validated with an encrypted value one should decrypt on the server side to make sure it comes from Typeform. The data itself is not encrypted (except for https). Delivery is retried 5 times at increasing intervals.

https://developer.typeform.com/webhooks/

If I understand it right webhooks are a non-free option.

[hamoid]

I made a form for testing: https://x7dxsyy4g0y.typeform.com/to/fBwJApPU
It can be embedded in other sites if needed.
There's even a QR code:

https://developer.typeform.com/get-started/
https://developer.typeform.com/get-started/applications/

[hamoid]

https://www.scottbrady91.com/kotlin/ktor-using-oauth-2-and-identityserver4

Ktor OAuth Support

Currently, Ktor only supports OAuth which means our Ktor application can receive access tokens to talk to an API on behalf of the user, but it cannot find out who the user is. If we wanted to find out who the user is and to receive identity tokens, we would need OpenID Connect, which is currently unsupported.

The Ktor OAuth library is hard-coded to support the authorization code flow. Ideally, in this scenario, we’d also like to use PKCE so that we can prevent authorization codes from other users being injected into our application.

Also, due to an oddity in the OAuth 2.0 specification, the Ktor basic authentication mechanism may not work with some authorization servers (basic auth is usually base64(client_id + ":" + client_secret) but OAuth defines it as base64(urlformencode(client_id) + ":" + urlformencode(client_secret)).

Only the query string response mode is supported, and the default value for state is random, utilizing a nonce (no more than once) generator.

[hamoid]

https://github.com/mazine/oauth2-client-kotlin#client-flow-

Note: not updated in 6 years

Client Flow

Use it if

• Your application accesses resources on behalf of itself.
• The Client ID, Client Secret and any access token issued to your application are stored confident.

For further details check OAuth 2.0 Spec
or Hub Docs.

The library allows to create an AccessTokenSource for this flow. It is an object that retrieves and
caches an Access Token, and renews the Access Token when it expires.

val tokenSource = oauth2Client().clientFlow(
        tokenEndpoint = URI("https://hub.jetbrains.com/api/rest/oauth2/token"),
        clientID = "1234-3213-3123",
        clientSecret = "sGUl4x",
        scope = listOf("0-0-0-0-0", clientID))

do {
    // Make various calls using tokenSource.accessToken.header
} while (true)

[hamoid]

Now I see there's a solution partially implemented already in the code.

[hamoid]

https://ktor.io/docs/request.html#headers