Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-24576] Ti.OAuth: Redirect URI is hardcoded

GitHub Issuen/a
TypeBug
PriorityHigh
StatusClosed
ResolutionFixed
Resolution Date2017-04-14T13:38:11.000+0000
Affected Version/sn/a
Fix Version/sTi.OAuth 0.4.0
Componentsn/a
LabelsAPIM+
ReporterSuman kalyan chowdary Kadiyala
AssigneeHans Knöchel
Created2017-04-12T18:21:41.000+0000
Updated2018-08-06T17:49:22.000+0000

Description

The redirect_uri from the ti.oauth module is hardcoded to http://localhost/Callback, A fix has to be made to fix ti.oauth module to accept custom redirect_uri. Download Titanium SDK from API Portal (https://lphxen013.lab.phx.axway.int/index.php?option=com_apiportal&view=apitester&usage=api&tab=tests&Itemid=0&apiName=studentcar&apiId=35d9091f-19cb-431a-b8f1-427f25a929e6) user/pwd: hod/changeme. Follow the instructions in the Readme to created an AlloyApp. Copy this in the var sdk = require('./studentcar'); var SDKClient = new sdk.Client(); // Set up client secret SDKClient.authentications.set('client_id', '53c0cd50-e8be-4ab5-af50-c1e5f3af3be3'); SDKClient.authentications.set('client_secret', '50e2f47e-a2c6-467c-92c4-57cbc19051ed'); SDKClient.authentications.set('redirect_uri', 'https://lphxam004.lab.phx.axway.int/oauth_callback'); SDKClient.authentications.set('response_type', 'token'); var OAuth = new sdk.OAuth(); // For self sign certificate OAuth.ignoreSslError = true; // Make global instance Alloy.Globals.OAuth = OAuth; Alloy.Globals.API = new sdk.DefaultAPI(SDKClient); Alloy.Globals.SDKClient = SDKClient; In the Client.js update authorizationURL from http to https. Run the app in emulator. it is pointing to http://localhost/Callback, this value should accept custom redirect uri.

Comments

  1. Hans Knöchel 2017-04-13

    I think it was set to that value on purpose by [~cwilliams], because developers usually set their own one per project. As this a special use-case for the client-generator, I understand it should be configurable. Let me do a PR for that today. We might want to refactor it soon to split out the different OAuth-options into own files and/or write an Alloy widget for it.
  2. Hans Knöchel 2017-04-13

    PR: https://github.com/appcelerator-modules/ti.oauth/pull/6 Example: 
       var OAuth = new sdk.OAuth();
   
   // Configure callback-url (optional, defaulting to http://localhost/Callback)
   OAuth.redirectUrl = 'http://example.com/callback';
   
   // Configure window-appearence (optional)
   OAuth.authWindowOptions = {
       title: 'OAuth'
   };
  3. Christopher Williams 2017-04-13

    You set the window options and callbackUrl on the OAuth class/object itself, and not on an "instance" - you get an instance back as a result of the authorize* method calls and it contains the tokens needed. I think they wrap the ti.oauth module in their own wrapper in the generated sdk clients, so I assume there's more changes necessary to the titanium templates to expose these values. In the client-generator/templates/titanium/oauth.js you'd call: 
       var oauth = require('ti.oauth');
   //...
   oauth.default.callbackUrl = 'http://www.example.com/callback';
   oauth.default.authWindowOptions = {
       title: 'OAuth'
   };
  4. Eric Merriman 2018-08-06

    Cleaning up older fixed issues. If this issue should not have been closed as fixed, please reopen.

JSON Source