Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
Developer
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: Has Anyone Implemented an OAuth Flow in a Playbook WebWorks Application

[ Edited ]

We also found jsoauth to be reliable. The only problem is that it doesn't support oAuth 2.0.

 

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Developer
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: Has Anyone Implemented an OAuth Flow in a Playbook WebWorks Application

A couple more points Smiley Happy

- The previous example won't work because you cannot use window.open in a webworks app.

- You can use window.location to go to Twitter and display a PIN, but then you would be asking the user to memorize it, which is bad in terms of UX

- You can use window.location and use a callback. You simply have to catch the variables when your app re-starts and it also isn't great in terms of UX.

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Contributor
Posts: 17
Registered: ‎07-27-2011
My Device: Torch 9810
My Carrier: Virgin Mobile (Canada)

Re: Has Anyone Implemented an OAuth Flow in a Playbook WebWorks Application

Right, I agree fully.  This is by no means a perfect solution, but was useful for me when writing a simply twitter status updating function.

 

Should be a good base for someone to start with though.

Highlighted
Developer
Posts: 57
Registered: ‎06-15-2011
My Device: PlayBook
My Carrier: Rogers

Re: Has Anyone Implemented an OAuth Flow in a Playbook WebWorks Application

[ Edited ]
I've actually just implemented what interfaSys wrote below using a very lightly modified browser extension by Polar Mobile (essentially just removed the buttons up top). 
For anyone looking for an example implementation, my app Lemma for the BlackBerry PlayBook is open source so it's all there for you to learn from; specifically take a look at the source for v1.0.9. Roughly, the order of operation is:
  1. The user clicks a button that executes the function doAuthGetPIN(), which requests a token from Twitter using the jsOAuth library. Having recieved the token, we launch the Polar Mobile browser within the app and then start a perpetual 5-second timer in doAutoAuthCheck().
  2. The user types in their Twitter username and password and clicks the Authorize button. Twitter then redirects the browser to file:///callback.html with some additional parameters, including the authorization token.
  3. doAutoAuthCheck() continues to run all of this time, and in doing so now notices that the URL of the browser now contains file:///callback.html . It closes the browser and passes the authorization token on to the function doAuthStepTwo() .
  4. doAuthStepTwo() sends the authorization token to Twitter and gets back an access token. It saves this access token to local storage and the process is complete.

Hope this helps others. WebWorks is still rather wonky when it comes to taking user input for me - I often can't get button presses to work and there's time when the app hangs for no reason - but I've not got the time right now look into it. Also, Web Inspector no longer works.


interfaSys wrote:

Before I forget... I've tested various methods and it's not that difficult to do anymore (if you don't mind hiding the keys in your code).

The PIN methods has always been fairly easy to implement, but the user experience isn't great :/

But now, thanks to Polar mobile, there is an easy way to use the callback method.

 

Install their extension: https://github.com/polarmobile/blackberry.polarmobile.childbrowser

and then do this in your code:

1) Get the request token

2) Use the request token to send the user to the child browser window (it will cover your app)

3) Monitor for a change of location

4) If it matches your callback URL, request access token

5) Make sure that your callback URL displays a message to the user, inviting him to close the child browser window