7

I'm writing an application that will integrate a web application (i.e. Harvest). The web application supports authorization via OAuth2.

The workflow seems to be:

  1. Direct the user to a specific URL where they can be authenticated and give permission to my application.

  2. Within that first request, I'm supposed to provide a callback uri that will receive the authorization token.

  3. Use the sent authorization token to make requests on behalf of the user.

The first part seems simple enough, but what should the callback uri be? This isn't a website, it doesn't have an exposed web interface.

Brendan Abel
  • 35,343
  • 14
  • 88
  • 118
  • Possible duplicate of [OAuth 2.0 for desktop and mobile applications](http://stackoverflow.com/questions/13753969/oauth-2-0-for-desktop-and-mobile-applications) – metatoaster Sep 21 '16 at 01:37
  • 1
    Though alternatively your application can listen on localhost, according to [Google's dev guide](https://developers.google.com/identity/protocols/OAuth2InstalledApp) – metatoaster Sep 21 '16 at 01:39
  • 1
    @metatoaster Yeah, that other question didn't really have an answer, just a link to a 6-year old proposal to fix OAuth so that it actually worked with native apps, along with a handful of workarounds that all seem to require running a web server somewhere. I was hoping something had changed in the last 6 years. – Brendan Abel Sep 21 '16 at 01:50
  • If by `redirect_uri` you mean `callback_uri`, it's optional as per [RFC 6749 section 4.1.1](https://tools.ietf.org/html/rfc6749#section-4.1.1), with [section 9](https://tools.ietf.org/html/rfc6749#section-9) fully discuss what you need to do for your native application, which the dev guide I linked earlier also discussed. You have to do the work to figure out which of those solutions are best for you. – metatoaster Sep 21 '16 at 01:59
  • 1
    Also, the accepted answer in the duplicate I suggested also explicitly stated "registering a custom URI with the desktop operating system" which is also from the RFC (which stated "redirection URI with a scheme registered with the operating system"). That is basically as good as an answer you will get for these generic protocol type questions. – metatoaster Sep 21 '16 at 02:02
  • I used the callback_uri to send the AuthCode then start my App as commandline params so you can catsh communicate with your remote server. I used https://github.com/Microsoft/cpprestsdk/wiki/Getting-Started-Tutorial. if you want to know how to start your app I will send you the method – abdulrhmanOmran Nov 29 '19 at 07:41

0 Answers0