How to use google OAuth2 in a Sencha Touch2 application? - sencha-touch-2

I build Web application using Sencha Touch2.
At iPhone, the application can be used by full screen.
I already have build web application for pc browser, and use google calendar API connecting with OAuth2.
The authorization step need to open new window to login the user google account.
Maybe I can build Sencha Touch application use the same architecture of pc,
but opening new window make the full screen application closed.
Do you know how to use google OAuth2 in a Sencha Touch2 application?
-- Add 2013/2/6
My Sencha Touch2 application is web application.
I want to know that it is possible to grant permission in the full screen web application, not in the browser.
-- Add 2013/2/7
I use the tip.
http://miketheindian.com/2012/02/22/staying-in-full-screen-mode-on-the-iphone-from-page-to-page/
This way is not need to open browser.
It is better than opening new window, but the best is authorizing in iframe...
-- Add 2013/2/13
Finally, I take the way;
Google AOuth is three patter, for user.
1.User google Account is logout, user must write user ID and password.
2.User google Account is login and but the application is not allowed, user must click "allow" button.
3.User google Account is login, user do not need to do anything.
When the time of 3., we can authorize in iframe.
And, when the time of 1. or 2., we can not authorize in frame, so use location.href change approach ( detail in http://miketheindian.com/2012/02/22/staying-in-full-screen-mode-on-the-iphone-from-page-to-page/ ).
Details
make view has the container
{
xtype: 'container',
html: '<iframe src="" id="googleLogin" style="border:0;">'
},
change src in controller
var iframe = Ext.get(Ext.query('#googleLogin'));
iframe.set(
{
src: responseInformation.googleOAuthUrl
});
When the time of 3., user google account login , this is ok.
When the time of 1. or 2., we change location.href.
We want to handle iframe "onerror" event, but there is not that event.
I use settimer and check if the src of the iframe is not change first src (because of error redirecting to google login page).
3000 ms is not so meaning. When the time of 3., redirect is success and page has changed.
me.timerId = setInterval(function(){
if (iframe.el.dom.src.indexOf( /* first url */'') !== -1){
location.href = iframe.el.dom.src;
clearInterval(me.timerId);
}
}, 3000);

On Android, it's probably a good idea to use the local Contacts database on the device rather than working over the network. Yes, the user has to grant permission, but they would anyhow for network access. That way you don't need to spin out any extra browsers or anything.

There is another way to face the problem:
Use inAppBrowser plugin from Cordova or Sencha to launch the auth prompt, then, with a eventListener, wait for page load, and if url matches the success callback URL, then you can parse the url and get the auth/code or auth/token.
Example using Cordova:
window.authmodal = window.open(authorizationUrl, '_blank', 'location=yes');
window.authmodal.addEventListener('loadstart', function(event){
var code = getParam(event.url,"code");
if(code != null){
//here we got the code, now make a last request to get the TOKEN
OAuth2Helper.finish(function(token){
window.authmodal.close();
window.localStorage.setItem("token",token)
//do somethink else with your logic
},code)
}else{
//no code found in this page start.
}
});
NOTE: OAuth2Helper.finish, makes a request to the token url, using the code, in order to get a valid and usable token.

Related

Showing file selection UI : Integrating Dropbox with OAuth 2

I am trying to create a web page which will allow my user to upload a file to my S3 storage. For choosing the file user can use Google Drive, Dropbox and also local system. Am facing issues while implementing the Dropbox part of this.
Am using this technique for integration(using core API and OAuth 2).
First when user chooses Dropbox i am opening an HTML page in an IFrame. Here I have an authorize button which will open the authorize endpoint mentioned in the above link. This link shows me X-FRAME-Options error inside the Iframe so i had to open this link as a popup to work.
Is there a way around this? I'd like the authorize URL to open in the same iframe by using location.href.
Also when i open it as a popup, after the user logs in successfully the redirect_uri which i pass i getting opened in the popup. I had to do some unconventional setInterval coding to go around this. Can someone suggest a solution for this as well?
I also tried using CSRF tokens as mentioned in Smarx's blog but this also gives me the same error.
EDIT :
#smarx i tried using dropbox.js and it works fine. Stuck at one place
I used the OAuth popup driver and have a button which says sign-in.
First on load i create the client and then the popup driver as below
client = new Dropbox.Client({ key: client_id });
client.authDriver(new Dropbox.AuthDriver.Popup({
receiverUrl: "http://localhost/uploadCare/dbcallback.html"
});
);
And in the call back html i am writing
Dropbox.AuthDriver.Popup.oauthReceiver()
as mentioned in the docs.
But this does not take me back to the original page and show me the list of files.
I particularly did not understand this part of the explanation
"To use the popup driver, create a page on your site that contains the receiver code, change the code to reflect the location of dropbox.js on your site, and point the Dropbox.AuthDriver.Popup constructor to it."
Could you please help me out here.
You definitely can't put dropbox.com into an iframe, for security reasons (e.g. clickjacking).
A few suggestions:
Can you just use the Chooser for your use case? That would certainly be easier for you and your users.
If you can't use the Chooser, is there a reason you're not using dropbox.js? It has a popup auth driver that will pretty much just take care of all this for you. The redirect will definitely happen in the same window as auth, so communication between the windows (usually via localStorage) is generally necessary. This is already done in dropbox.js.

SignalR inside _Layout.cshtml - persist connection

I decided to use SignalR for chat on my page. Chat page is opened when user clicks on "Enter Chat" link which is placed inside _Layout.cshtml. This works fine. However, what I would like to achieve is the following functionality:
On the left side of the page I would like to have some kind of
"online users" area and when one user logins, other users whose are
already logged in will be able to see that a new user just enters the
page.
Users who are online can chat with each other by simply
clicking on their names
I am using the following code to connect to the chat application:
$(function () {
//declare a proxy to reference the hub
var chatHub = $.connection.chatHub;
registerClientMethods(chatHub);
//Start Hub
$.connection.hub.start().done(function () {
registerEvents(chatHub);
chatHub.server.connect(#User.Identity.Name);
});
});
However when I place this code inside my _Layout.cshtml page, users are permanently logged off and connected again each time they navigate through pages (they are intended to be opened inside _Layout.cshtml).
Is there any way for persisting connection with the hub when navigating through page? What is the best practices when using this kind of functionality?
Whenever you navigate away from a page or in any way refresh the contents of the page you will need to start a fresh SignalR connection. There are two ways to handle this behavior when navigating through pages:
Create a single page application.
Handle users connecting/disconnecting on the server in such a way that they're not truly logged out until they leave the site.
Now to dive into a little more detail on #2. Users on your site may disconnect/connect every time they transition to a new page but you can control how they log out or appear disconnected via your server side logic. You can get this functionality by keeping a set of "online" users in your server side code and then only considering them offline after a specified timeout value.

FB.logout() only from the application using javaScript SDK

I get a user's data using the Facebook JavaScript SDK like this:
FB.login(function(response){
// some code here
userid = response.authResponse.userId;
});
If the user id is odd (undesired one), then I call:
FB.logout();
This will make the user logout from my application and their Facebook account as well.
I want it to only log out the user out from my application. They should not be logged out from their Facebook account.
Below is the code I use to initialize the FB variable:
FB.init({appId: 'XXXXXXXXXXXXX', cookie: true, status: true, xfbml : true});
If a user logs in to my application then I get the response. The response has the status, access_token and user_id.
Which variable should I use to achieve only logging them out of my application and not Facebook?
I am also having the same problem, looks like we need to use both PHP and Javascript SDK to get and maintain the state for App only logout. You can check out the tutorial here, I am just looking into this, so I have not actually checked if it works.

Communication Between WebView and WebPage - Titanium Studio

I am working in a Mobile project (using Titanium Studio), in which i have the below situation
1) My Mobile app contacts Rails backend to check some data, say check validity of a
user id.
2) I found a way to load web pages in Mobile app, i.e., WebView
3) I could able to load the desired url, ex http://www.mydomain.com/checkuser?uid=20121
which would return data like status:success
But i need to read this data to show whether the response from server is a success or failure, how do i achieve this?
NOTE : The above mentioned scenario is an usecase, but actually what happens is i load a third party url in WebView and when user enters the data and submits, the result will be posted back to my website url.
EDIT : So the process is like below
1) WebView loaded with third party url like http://www.anyapiprovider.com/processdata
2) User will enter set of data in this web page and submits the page
3) The submitted data will be processed by the apiprovider and it returns data to my web page say http://www.mydomain.com/recievedata
This is the reason why i am not directly using GET using HTTPClient
FYI : I tried to fire Ti.APP events right from the actual web page as suggested by few articles, but most of them says this will work only if the file loaded is in local and not a remote file. Reference Link
Please suggest me if my approach has to be improved.
Thanks
If you don't want to follow Josiah's advice, then take a look at the Titanium docs on how to add a webview.addEventListener('load',... event listener and use webview.evalJS() to inject your own code into the third party HTML.
Maybe you can inject code to trap the submit event and fire a Ti event to trigger the downloading of data from your website.
Communication Between WebViews and Titanium - Remote Web Content Section
I found a solution for my problem
1) Load the http://www.mydomain.com/checkuser?uid=20121 in a webview
2) Let user enter and submit data to third party url
3) Recieve the response from third party url and print only <div id="result">status:success</div> in http://www.mydomain.com/recievedata page.
4) Add event listener for the web view as follows
webView.addEventListener('load', function(data)
{
//Add condition to check if the loaded web page has any div with id = result (to check if this is /recievedata page)
alert(webView.evalJS("document.getElementById('result').innerHTML"));
});
The above alert would print the result status:success, read it in webview load event
and take actions in web accordingly.
It works fine for me.
Instead of loading it in a WebView why not just GET it using a HTTP Client? This is much cleaner, and more standards based:
var xhr_get = Ti.Network.createHTTPClient({
onload : function(e) {
// Here is your "status:success" string
var returnValue = this.responseText;
},
onerror : function(e) {
Ti.API.info(this.responseText);
Ti.API.info('CheckUserProgressOnActivity webservice failed with message : ' + e.error);
}
});
xhr_get.open('GET', 'http://www.mydomain.com/checkuser?uid=20121');
xhr_get.send();

Facebook Connect: User has logged in and given permissions, now what?

So i've been trying to get FB Connect working on my site, simply for login and authentication, using the Javascript SDK and following the code at:
https://developers.facebook.com/docs/guides/web/
So the button appears, i click it, a dialog pops up, i click that, presumably my site now has permission to know who i am...
Then what? The guide goes on to saying all the stuff I can access through the Facebook API, all the cool things about permissions, but presumably i need the user's ID or access token or something to get at this stuff. How is that given to me? left as a attribute on one of the elements? Left in a Javascript variable somewhere? Given as an argument to some callback? Thrown high into the heavens for me to receive via satellite downlink?
This is probably incredibly simple, but for the life of me i have not been able to figure it out. Facebook's tutorials have failed me, and so has Google. I want to get this in the Javascript, so I can immediately fill in form-data using the user's Facebook name, put a picture, etc. etc., and presumably send this all back to the server so the server can validate with Facebook that the data is real.
I'm assuming you're using the Login button? https://developers.facebook.com/docs/reference/plugins/login/
If you simply want form info, check out the registration plugin - https://developers.facebook.com/docs/plugins/registration/
However, to answer your question, make an API call to /me. For example:
FB.api('/me', function(user) {
if(user != null) {
// The user object now contains info about the logged in user
}
});
You should subscribe to the auth.login event and wrap the above API call in the successful response, i.e.:
FB.Event.subscribe('auth.login', function() {
// JS to run if when the user logs in, for example, the code snippet above
});