OAuth Callback procedure for mobile devices
I am designing a Netflix Application for BlackBerry mobile devices. I am currently working on the OAuth. I am at the point where I can generate a Netflix login page in an embedded browser field in my application.
After the user signs in, Netflix will send the user from the login page to a specified callback URL. The callback URL will also contain an authorized token, which then needs to be sent back to Netflix.
My question is: How am I supposed to do this on a mobile device? Is there a procedure set in place? I am unsure how I can extract the authorized token from the callback URL and send it back to my application. From my research, it does not appear that Netflix will provide a PIN/verifier for the user to then type into the application...
Does anyone have any ideas?
Thanks...
There are two ways to deal with callbacks on mobile devices. The first is to set the value of oauth_callback to 'oob'. This is done if your device is unable to receive callbacks. See the OAuth spec, section 2.1: Temporary Credentials.
Using 'oob' should cause the server (Netflix) to display a verification code that the user then types into your application to authorize the request token.
The second way, if your device supports it, is to use a custom URI scheme. I know that on iPhones, you can register a callback with a custom scheme that is assigned to your application. Is there a way to do this on a BlackBerry? If so, I'd use this approach as it's a much better user experience.
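For the embedded-browser and custom-scheme approaches discussed above, the app has to recognise the callback URL when the browser navigates to it and pull the token out of the query string. This is an added example, not part of the original thread, written in Python to show the logic: the scheme `myflixapp://oauth/callback` and the function names are assumptions, and `oauth_verifier` is treated as optional because the question says Netflix may not supply one.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Hypothetical custom URI scheme; a real app registers its own callback.
REGISTERED_CALLBACK = "myflixapp://oauth/callback"


class CallbackError(ValueError):
    """Raised when a URL must not be treated as the OAuth callback."""


def is_callback(url, registered=REGISTERED_CALLBACK):
    """True when url targets the registered callback (scheme, host, path)."""
    got, want = urlsplit(url), urlsplit(registered)
    return (got.scheme.lower(), got.netloc.lower(), got.path) == (
        want.scheme.lower(), want.netloc.lower(), want.path)


def extract_authorized_token(url, pending_request_token,
                             registered=REGISTERED_CALLBACK):
    """Return (oauth_token, oauth_verifier or None) from a callback URL.

    pending_request_token is the temporary credential the app obtained
    before opening the login page; the callback must echo it back.
    """
    if not is_callback(url, registered):
        raise CallbackError("not the registered callback URL")
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    tokens = params.get("oauth_token", [])
    if len(tokens) != 1 or not tokens[0]:
        raise CallbackError("expected exactly one oauth_token")
    # Reject a callback carrying a token this app instance did not request.
    if not hmac.compare_digest(tokens[0].encode(),
                               pending_request_token.encode()):
        raise CallbackError("oauth_token does not match the pending token")
    verifiers = params.get("oauth_verifier", [])
    if len(verifiers) > 1:
        raise CallbackError("duplicate oauth_verifier")
    return tokens[0], (verifiers[0] if verifiers else None)


if __name__ == "__main__":
    # Constructed sample callback, as the browser field would report it.
    sample = "myflixapp://oauth/callback?oauth_token=req123&oauth_verifier=v9"
    print(extract_authorized_token(sample, "req123"))
```

In an embedded browser the same check runs on every navigation event: only a URL that passes `is_callback` is intercepted, and everything else is left to load normally.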
Instead of embedding a browser field, you may be better off creating a seamless (i.e. browserless) user experience by simply letting the mobile app do all the necessary handshaking with Netflix. You'll need to set up a public domain server as your callback host for OAuth and have that negotiate your new session key/secret key and pass it back to your device. All the while, the device will need to maintain an open HTTP connection to your public server in order to finally receive the credentials and proceed to request the user data directly from Netflix. The whole round trip should not take more than roughly 15 seconds, so HTTP timeouts should not be an issue. You'll need to first study (i.e. "screen scrape") the Netflix login HTML page to extract the necessary/relevant HTML form param names etc. Good luck.
I found these two pages helpful:
- https://fireeagle.yahoo.net/developer/documentation/oauth_best_practice
- https://fireeagle.yahoo.net/developer/documentation/mobile_auth