admin管理员组文章数量:1339470
I have a single page app that integrates with other services such as Dropbox and LinkedIn. Dropbox, for instance, has great API and I got the authentication working by opening Dropbox's authentication link in another window. Once the user authenticates, I ask them to close that new window to return to my app.
Clearly this is suboptimal as it takes the user away from my app, and even more cumbersome on tablets.
How would I do the authentication within the app, such is in a lightbox or a modal form?
Note that the integration itself happens server-side not client side. Presently, the Dropbox authentication page has a call back page that signals to my server that authentication was successful, which I store in the user's table in the database for future use.
Note: The bounty ment should read: A code sample is highly desired but not required.
I have a single page app that integrates with other services such as Dropbox and LinkedIn. Dropbox, for instance, has great API and I got the authentication working by opening Dropbox's authentication link in another window. Once the user authenticates, I ask them to close that new window to return to my app.
Clearly this is suboptimal as it takes the user away from my app, and even more cumbersome on tablets.
How would I do the authentication within the app, such is in a lightbox or a modal form?
Note that the integration itself happens server-side not client side. Presently, the Dropbox authentication page has a call back page that signals to my server that authentication was successful, which I store in the user's table in the database for future use.
Note: The bounty ment should read: A code sample is highly desired but not required.
Share Improve this question edited Aug 29, 2012 at 17:15 Tony Abou-Assaleh asked Jul 4, 2012 at 1:29 Tony Abou-AssalehTony Abou-Assaleh 3,0402 gold badges27 silver badges38 bronze badges 3- Can you clarify where your app works, that is, is this a web app that the user accesses in their own browser, is it a native app/what platform, etc? – Greg Commented Jul 4, 2012 at 19:39
- It's a web-app built on Backbone and friends, and will also be made available for download on mobile using PhoneGap. I may be able to use the Dropbox SDK with PhoneGap, so this question is focused on in-browser web-app. – Tony Abou-Assaleh Commented Jul 4, 2012 at 19:45
- thanks for the quick clarification! I've posted my answer, let me know if I misunderstood :-) – Greg Commented Jul 4, 2012 at 19:53
3 Answers
Reset to default 11 +100What you're proposing is to defeat the security model, so it should not be possible. The user should be able to see the URL of the real page for verification. Imagine when you're making a payment with Paypal, you likely check that you're on paypal. before entering your important data right? The same applies to all other apps. It's a very ugly flow, but the best the industry has e up with today.
The ideal flow is you redirect user to the third-party web site or app, user logs in and authorizes, then redirects back to you. A native app has the benefit of switching to another native app, so the flow is a bit less ugly.
The work around that would do what you want is an app asking for user's name and password to the 3rd party service, then doing the auth dance themselves behind the scenes. This will likely deter users from your app and is very dangerous. I do not remend it.
You may load the authorization endpoint in a iframe on your webpage. However, notice that some browsers have limitations on cookies sent to the login provider within an iFrame. Typically (Safari, iOS) you have only read access to the cookies, which is sufficient if the session cookie is already set at the provider.
On your callback page - where you are sent back from dropbox after authentication; you will need to call a javascript function to trigger an event at the parent page, that authentication is done.
window.parent.AppController.authenticationComplete();
The parent then may remove the iframe, and proceed as authenticated.
authenticationCompleted = function() {
// [snipp]
$("iframe#loginwrapper").remove();
}
Because of the potential cookie problem, I'd recend you to perform all the authentication steps initiated from the server end, before the main HTML page is served at all. Then you will make sure that your app is not loaded twice. This is typical behaviour of many authentication/identity middleware software solutions.
When you mention app it is unclear whether you mean a pure WebApp, or if you have the control available in a hybrid app by using frameworks such as Phonegap. With Phonegap or similar, you may load a browser inside the browser inside the app - in that case the ChildBrowser is not limited with the same cookie limitations.
I recently wrote a tutorial on how to make this work with Phonegap and Childbrowser for iOS.
- OAuth 2.0 Guide for Phonegap using ChildBrowser and JSO
Notice that this tutorial is on using OAuth 2.0 which is somewhat different from OAuth 1.0.
If your app is a web app, the best way to streamline the flow is to just redirect the current page (e.g., How to redirect to another webpage in JavaScript/jQuery? ) to the /authorize page on Dropbox, with an oauth_callback to a page on your app that indicates the process was pleted.
This way the flow is just:
- (on your app) user clicks button to start OAuth flow
- (your app redirects to Dropbox authorize page) user authorizes app
- (Dropbox redirects per oauth_callback to your app) app gets access token and is ready to use integration
And this all happens within a single page, without closing/opening extra windows.
版权声明:本文标题:javascript - How to do Dropbox authentication in a single page app without opening a new window? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1743584046a2506156.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论