We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Purpose and use of the redirect URI


Saya
02-17-2014, 08:23 AM
Thanks for the answer, it helps to understand from the perspective of a third party app that wants to access hubic.
However my use case is to make a HubiC client for an unsupported operating system. I would like it to have the same kind of functionality as the normal
Android HubiC client for example.

What would you recommend me to do in that case to handle authentication?

OderWat
02-14-2014, 05:07 PM
Sorry I was getting interrupted and sent a half backed answer!

I think you can use localhost for the redirection url as long as the client you are programming can handle this redirection itself. So you would write your client in a way that it listens on localhost port 443. I think it does not even need to be ssl encrypted for real. But I do not like the "idea" to fake it this way. It easily can break too. You make assumptions about the target site which lets the user authorize the client by parsing its content.

Also you need people to authenticate with their real HubiC account data. Actually OAuth2 is made to not need that. Additional the API has ways to limit access to specific needs. If you geht the real account data in your client, you could access everything and take over their account!

For my gateway app I decided to support the "real" OAuth2 authentication because this way I can use it from different systems without ever giving away may HubiC account data.

OderWat
02-14-2014, 02:40 PM
The redirect URL is the url where the Authentication "Dialog" Website of hubic.com will redirect the user after he has given permit to the client to access his account.

I works like this:

You prepare a request with data which relocates the user to the oauth page at the url: https://api.hubic.com/oauth/auth/?(+data)

The user needs to login and confirm access for this client to do what you request access rights for.

THEN this authentication page redirects to you redirection URL and sends you some data with get parameters. This will then be used to request the real authentication token.

This can be "tested" at: https://api.hubic.com/sandbox/

Saya
02-14-2014, 02:16 PM
Hello,

I am trying to make a Hubic client for SailfishOS (https://sailfishos.org/) and I am new to OAuth2 and OpenStack.
I managed to make a proof of concept using python requests and I can go through all the steps and access the OpenStack objects.
However I used a localhost host redirect URI and I accept the form automatically programmatically.

I get (I think) that the request URI (http://tools.ietf.org/html/rfc6749#section-3.1.2) is used somehow to make sure the client is indeed the right client. However I am not sure of its purpose even after reading the documentation.

Does that mean I need to own a domain name and a web server to be able to make a third party Hubic App?
What if I just want to build an app for using hubic on a new platform and I do not have any web servers/infra?

Thanks