2

I am prototyping HipChat client and I'm stuck at building good authentication experience. I would like to implement similar authentication dialog as HipChat clients built by Atlassian provide. There is no need to generate auth tokens/etc, you just type email/password and client is able to obtain oauth token.

How do they do? Clients use com.atlassian.hipchat.win-clients as client_name in request to https://www.hipchat.com/users/authorize.

Question that I have: how do I register my own client? If I use any random name I get "Named OAuthClient not found ".

How to register client name that will work with any HipChat server, including hipchat.com?

vmg
  • 9,920
  • 13
  • 61
  • 90
  • 1
    I am having the same question. The doc is not quite clear on this. Let me start a bounty on this. If you find anything useful, please let me know. – orange Dec 30 '15 at 18:45
  • Here people say that it is currently not possible https://answers.atlassian.com/questions/32989448/writing-hipchat-client-hipchat-authentication :( – vmg Dec 31 '15 at 06:40
  • and their documentation on auth suck big time – vmg Dec 31 '15 at 06:41
  • I found an alternative way which requires a personal token and an integration token. Will post the idea later today. Only works for hipcat. @VitaliyGanzha – orange Jan 01 '16 at 18:16

2 Answers2

3

Updated:

I made an example. Please take a look.

https://github.com/chenghuang-mdsol/StandupCat

@VitaliyGanzha There's a way I used: Build an auth provider based on the integration token.

  1. Make an integration, take down the auth_token.
  2. Use this auth_token on the api here: https://www.hipchat.com/docs/apiv2/method/generate_token

use grant_type 'password', and fill username and password in your post request.

  1. It will return the user info.
  2. Based on the user info it returned, you do your membership provider.
  3. Note that this auth_token has very limited permission. If you want to do more than authentication, you need another personal auth_token which can be generated in your account center.

Tested in C# WCF

orange
  • 720
  • 3
  • 11
  • 27
  • Will this approach work with any server or instance of HipChat? Or in order to use it this integration has to be installed on per-server basis? – vmg Jan 05 '16 at 18:54
  • @VitaliyGanzha, Unfortunately the integration token is per-server. You have to build an integration for each server. The integration token does not apply to all. Unless, you publish the integration to hipchat market, I guess? (I don't have time to try) – orange Jan 05 '16 at 20:39
0

Here I've got an answer that it is not possible right now:

This is currently not possible. The flow you described with the com.atlassian.hipchat.win-clients oauth id is used internally inside our new desktop and mobile clients. The only other way to obtain an access token via a 3-legged oauth flow is to create an add-on that you have to require a HipChat customer to install. Our OAuth tokens are scoped by group. We don't have allow global tokens. Sorry about that.

https://answers.atlassian.com/questions/32989448/writing-hipchat-client-hipchat-authentication

vmg
  • 9,920
  • 13
  • 61
  • 90