Android Question Generic OAuth2?

techknight

Well-Known Member
Licensed User
Longtime User
Is there a generic OAuth2 library or implementation that isn't specific to google?

I still dont understand OAuth2 much, but there is an API that i am trying to integrate in my app, but its protected behind OAuth2 and tokens.

But not entirely sure where to start on that for B4A.

Thanks.
 

Andrew (Digitwell)

Well-Known Member
Licensed User
In my experience each OAUTH2 implmentation is slightly different so you will need to check what is required by the API provider.
The OAUTH2 spec. allows for many different implementation strategies, all of which are valid for their own circumstance.

Sorry I can't be of more help. Which API are you lookig to connect to?
 
Upvote 0

Andrew (Digitwell)

Well-Known Member
Licensed User
and a quick search of the forum threw up this...


But you said you didn't want google specific.
 
Upvote 0

Andrew (Digitwell)

Well-Known Member
Licensed User
So a quick scan of the link you sent give 2 options.

Either you are calling the API on your own behalf and have a secret already or you need the user to login which will probably require a webview.

Assuming the first which is simpler.

You should already have a client secret and id.

B4X:
    private s as string = $"${Your Client ID}:${your client secret}"$
  private su as stringutils

   private data as string  = "grant_type=client_credentials&scope=owner"

    job.Initialize("",Me)
    job.PostString(https://auth.boxcast.com/oauth2/token",data)
    job.GetRequest.SetHeader("Authorization","Basic "&su.EncodeBase64(s))
    job.GetRequest.SetContentType("application/x-www-form-urlencoded")
    Wait For (job) JobDone(job As HttpJob)
    if (job.success) then
      log(job.getstring)
   end if

Note, the above is untested but should just about work. The bit that was not clear from the spec. was if the parameters were url encoded or you could pass them as JSON.

Edit: changed Bearer to Basic
 
Upvote 0

techknight

Well-Known Member
Licensed User
Longtime User
The user needs to be able to log in, I dont have any secret keys or anything since they are too long for a customer to type in.
 
Upvote 0

Andrew (Digitwell)

Well-Known Member
Licensed User
Fair enough you need to use the other method which is a bit more complicated and will also require a webview.

(I don't have a Boxcast Account so don't have the appropriate credentials)

Use a webview to allow the user to login and then exchange the returned code for an access token.

B4X:
Private Sub Login_Click
    redirecturi = "https://mywebsite.co.uk/finished"
  ' you need to replace the variables with the once from your boxcast account.

    WebView1.LoadHtml($"https://auth.boxcast.com/oauth2/auth?response_type=code&client_id={client_id}&redirect_uri=${redirecturi}&scope=owner&state={state}"$)
End Sub

Private Sub WebView1_PageFinished (Url As String)
    ' Check if the process is finished the url will be https://mywebsite.co.uk/finished?code={code}&state={state}
  ' for this to work this page needs to exist . It could be a page with the message "logging you in..."
    If (Url.tolowecase.contains("https://mywebsite.co.uk/finished") = 0) Then
        ' you need to extract the "code" and the "state" from the url string
        'And check all Is good
        ' You also need to handle any errors or a cancelled login

        'use the code to get the token
        gettoken(code,redirecturi)
       
        Log("Finished login " & Url)
    End If
End Sub

private Sub gettoken( code As String, redirect As String)
    Private s As String = $"${Your Client ID}:${your client secret}"$
    Private su As stringutils

  ' note the different grant type and parameters
    Private data As String  = $"grant_type=authorization_code&code=${code}&code=${code}&redirect_url=${redirect}"$

    job.Initialize("",Me)
    job.PostString(https://auth.boxcast.com/oauth2/token",data)
    job.GetRequest.SetHeader("Authorization","Basic "&su.EncodeBase64(s))
    job.GetRequest.SetContentType("application/x-www-form-urlencoded")
    Wait For (job) JobDone(job As HttpJob)
    If (job.success) Then
        Log(job.getstring)
    End If
End Sub
 
Upvote 0

techknight

Well-Known Member
Licensed User
Longtime User
hmm.. I guess I dont understand how all this works.

I have an account, but its a temporary account that will get shut off once my development is done. I can go into APIs and generate an API key/secret, but it only works for my own account.

I need something that another person can sign into their own account (whether its redirect to web or what) so they can use their own account.

It sounds like they have to set me up as a "supported partner" in their system so it recognizes my app? with my own secrets?
 
Upvote 0

Andrew (Digitwell)

Well-Known Member
Licensed User
I would say that is correct.

There is this line in the docs

All API clients must be registered before use. Please contact BoxCast customer support to register an API client application and receive valid API client credentials.
 
Upvote 0
Top