11-20-2012 11:43 PM
With the new breed of OAuth2 APIs such as Pocket, there is now a growing need for apps to complete the OAuth2 flow in the default OS browser outside of the application. This also means that once the auth process is over, there needs to be a way to invoke the app or pass data to the application from the browser via the redirect URL.
Currently it seems achievable on platforms such as Android by registering a custom URL protocol handler for an application. This way the browser can use a redirect URL with a custom protocol, and the application would be invoked via the browser address bar and redirects.
I see that the current invocation framework does support URI schemes, but I am unable to get it to work. Can someone point me to any example code that allows application invocation via the browser?
11-21-2012 01:17 AM
yogeshwarp wrote:
With the new breed of OAuth2 APIs such as Pocket, there is now a growing need for apps to complete the OAuth2 flow in the default OS browser outside of the application.
The usual way we handle this is by embedding a web browser control inside the application, and then listening for navigation events. When the URL of the embedded browser matches the redirect_url, cancel the navigation and you're good to go. The redirect_url can be any string you like, as it's never loaded by the browser.
11-21-2012 01:26 AM
This usual solution has been explicitly forbidden by the Pocket API. See here:
http://getpocket.com/developer/docs/authentication
Look for the line with
------------
Please send the user to the URL via their default browser in a new tab; do not present this page in a webview or screen within your application. Doing so violates Pocket's API guidelines.
------------
They have done this due to a natural concern that the application might capture the password in between. They have an SDK for iOS and a custom URL protocol solution on Android. At the moment I am looking for a similar solution on the BlackBerry platform.
11-21-2012 03:31 AM
yogeshwarp wrote:
This usual solution has been explicitly forbidden by the Pocket API. See here:
http://getpocket.com/developer/docs/authentication
Look for the line with
------------
Please send the user to the URL via their default browser in a new tab; do not present this page in a webview or screen within your application. Doing so violates Pocket's API guidelines.
------------
They have done this due to a natural concern that the application might capture the password in between. They have an SDK for iOS and a custom URL protocol solution on Android. At the moment I am looking for a similar solution on the BlackBerry platform.
OK. Rather off-topic, but this will create a false sense of security for the user; at least on Android and jailbroken iOS it's quite simple to catch on-screen keyboard events. And a false sense of security is worse than no security.
Have you seen the session on the Invocation Framework from BBJam Americas?
http://www.youtube.com/watch?v=5ZYqztt4U0E&t=17m12
Shadid starts talking about target registration 17 minutes into the presentation.
11-21-2012 03:40 AM - edited 11-21-2012 03:41 AM
Also, shameless plug alert: check out my OAuth library for BB10/Cascades
https://github.com/blackberry/bb-cascades-oauth
11-21-2012 03:40 AM
Yes, I actually have added the relevant code in bar-description.xml and the Application .cpp and .hpp files.
Still, the browser is not recognizing the custom URL scheme I have registered, so I wanted to check if this use case is supposed to be covered.
11-21-2012 04:07 AM
Hey, thanks, this line looks interesting:
It uses the native BlackBerry browser for authentication and handles callbacks from there via http://localhost.
Can you please point me to which source files I should check out to see this flow?
Since this is exactly what I am looking at.
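The system-browser flow with an http://localhost callback mentioned in the post above, sketched as an added example (not code from bb-cascades-oauth or from any poster in this thread). It assumes a generic authorization-code redirect carrying `code` and `state` query parameters; the `/callback` path and all function names are hypothetical.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

CALLBACK_PATH = "/callback"  # hypothetical path registered as the redirect URL


def parse_callback(request_path, expected_state):
    """Return the authorization code from a redirect, or None if rejected."""
    url = urlparse(request_path)
    if url.path != CALLBACK_PATH:
        return None
    params = parse_qs(url.query)
    state = params.get("state", [""])[0]
    # A missing or wrong state means this redirect does not belong to the
    # flow the app started (for example a forged request from another page).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    codes = params.get("code", [])
    return codes[0] if len(codes) == 1 else None


def wait_for_code(expected_state, on_ready=None):
    """Listen on loopback until one valid callback arrives; return its code."""
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            code = parse_callback(self.path, expected_state)
            if code:
                result["code"] = code
            self.send_response(200 if code else 400)
            self.end_headers()
            self.wfile.write(b"Done, return to the app." if code else b"Rejected.")

        def log_message(self, *args):
            pass  # the default logger would write the code to stderr

    # Bind 127.0.0.1 only (never 0.0.0.0); port 0 picks a free port.
    server = HTTPServer(("127.0.0.1", 0), Handler)
    if on_ready:
        on_ready(server.server_address[1])  # port to put in the redirect URL
    try:
        while "code" not in result:
            server.handle_request()
    finally:
        server.server_close()
    return result["code"]
```

The app generates a fresh random `state` per login, opens the provider's authorization URL in the default browser, and calls `wait_for_code` with that same value; the password is only ever typed into the browser, never into the app.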
11-21-2012 05:17 AM
11-21-2012 07:06 AM