beta
Hello developer. Login with your existing account. New to Vodafone Developer? Register your account.

+ Login or create an account

0

OAuth and the Opera Widget Container
Hi,

I've been playing around with Open-Auth Javascript libraries in order to manipulate a number of social network API's - but without going much further I have a conceptual issue with the interop of the widget container and the native brower on the device which makes me think that it just won't work on a mobile without heavy fiddling.

During the OAuth protocol exchange you basically request an authentication token from the service, and then redirect the end-user to a URL to challenge them for their credentials. This is hosted by the service, and may well have a "mobile" page for this (eg: m.tripit.com).

However, from previous experience, you might serve up a link within your mobile widget (running inside the widget container) but clicking on it will launch the native browser. The user challenge is therefore taking place inside another device application - so can you return control back to the widget to continue the OAuth protocol exchange? I'm guessing not.

The Javascript OAuth library I've been using assumes the Javascript code, and the redirect to the user challenge are all running out of the same browser - so I can see how that would work. This is not the case on a mobile.

Has anyone tried any OAuth authentication initiated from within a mobile widget?

Thanks,

Steve Harrop

added 4 years ago
SteveH 50
add comment

2 Answers:

Oldest Newest Votes
0
Hi, Yes - I see what you mean, though I think the principle is that you have to redirect *directly* to the service host for the login page (eg: TripIt, Twitter, Facebook etc). At this point they will own the user-experience so that you are not party to the exchange of credentials. In "traditional" web browsing context this is fine, as it is all run within the same browser instance, so the same Javascript runtime/namespace - so that you can register your own callback function within the TripIt URL, and when successfully logged in, the browser can call the callback and carry on with the API exchange. On a mobile, the native Nokia S60 browser will not be able to callback on a function that is resident in the Opera container. Hmm. It's a tough one, but I imagine we have to over-come this for mobile-hosted orchestrations to social networks to succeed. There may be some hope if the Opera widget container could hand off to an Opera Web Browser and back - perhaps they may share the same Javascript engine/instance/namespace? Again, more "heavy fiddling"! Steve
added 4 years ago
SteveH 50
add comment
0
Hi Steve, I haven't used the OAuth authentication from within a mobile widget (or anywhere else as a matter of fact). From what you wrote I do get a bit of an idea how the flow works and what might be tried to make it actually work from within the Opera (or Vodafone) mobile widget environment. What you said, the JS OAuth library assumes that the Javascript code and the redirect are all running within the same browser environment and as far as I know it is NOT possible to handover interaction/ information or tokens from the native mobile browser back to the Widget environment. To make it actually work my best bet is that you create a custom OAuth proxy on your own server that you use (with XMLHttpRequest) to do the requesting/ validation/ handling of the authentication token and after you have retrieved a valid token you can then interface with the social network API. The above can of course be classified as "heavy fiddling" ;-) Cheers, Ernst
added 4 years ago
Ernst_NL 50
add comment

Login and answer the question