Recent

Author Topic: OAuth, Redirect URI and other weird creatures  (Read 362 times)

Ñuño_Martínez

  • Hero Member
  • *****
  • Posts: 1013
    • Burdjia
OAuth, Redirect URI and other weird creatures
« on: May 29, 2020, 11:24:07 am »
Actually not sure if this is the best sub-forum.  Move it if you think so.

Trying to summarize.

I started to do streaming through Twitch.tv and I realized there are not desktop applications for Linux.  I'm using ffmpeg from a terminal, but this doesn't allow too much control and you have to have a web-browser open to your channel to control some stuff.

So I was wondering to create a simple (ha!) application to do some management over the streaming, even calling ffmpeg instead of using the terminal, but as I've read public Twitch.tv API uses OAuth and forces to have a "Redirect URI".  About OAuth I have no idea how does it work or if it's possible to do such thing using Free Pascal (Indy? Synapse? ...).  About the URI, here they suggest to use a local webserver embedded in the application (I know it is possible to create a local webserver but I don't see why it is necessary).

Of course I'll ask in Twitch developers forum but I'm pretty sure they don't know what Pascal is so I first ask here for help and opinion, specially because I don't actually know what to ask them.  I did very few network programming with Free Pascal so I'm a bit lost.
Are you interested in game programming? Join the Pascal Game Development community!
Also visit the Game Development Portal

rvk

  • Hero Member
  • *****
  • Posts: 4171
Re: OAuth, Redirect URI and other weird creatures
« Reply #1 on: May 29, 2020, 01:16:41 pm »
About the URI, here they suggest to use a local webserver embedded in the application (I know it is possible to create a local webserver but I don't see why it is necessary).
A local webserver is necessary because the oauth opens up a browser to their authentication page. After the user accepts, the user gets redirected to your own url with the access token in the url itself.

Without that, you can't get to the access token because you usually don't have access to the browser data.

Your  "Redirect URI" can look like http://localhost:1500 and you'll only need to listen on port 1500 for the incoming connection. You can present a simple page with "my app now has access" or something.


Thaddy

  • Hero Member
  • *****
  • Posts: 10199
Re: OAuth, Redirect URI and other weird creatures
« Reply #2 on: May 29, 2020, 02:10:57 pm »
There's a good OAuth2 example in trunk (probably also 3.2.0)
I am more like donkey than shrek

Leledumbo

  • Hero Member
  • *****
  • Posts: 8226
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: OAuth, Redirect URI and other weird creatures
« Reply #3 on: May 29, 2020, 07:52:31 pm »
Additionally, current OAuth version is a bit liberal, in the sense that the flow may be customized a bit. Most won't directly give you the access token in that redirect URI, but an authorization code that you must exchange with an actual access token. Instagram is a crazier example as even after that you're given a short term access token only, which you must exchange again with long term one if you're planning to use it for a longer time. Even so, eventually access token will and should expire for security. So you will have to regularly refresh the access token to get a new one. A sane OAuth implementation should provide this endpoint, where you should give a refresh token to get a new access token. Typically both are returned when you exchange the authorization code.

You can play around here to get a better understanding of how the protocol in each flows work.

Here's a little redirect server example (not directly working as you will need to substitute the placeholder values with something real):
Code: Pascal  [Select][+][-]
  1. program fpoauthclientexample;
  2.  
  3. {$mode objfpc}{$H+}
  4.  
  5. uses
  6.   SysUtils,
  7.   httpdefs,
  8.   httproute,
  9.   fpjson,
  10.   jsonparser,
  11.   fphttpclient,
  12.   fpHTTPApp;
  13.  
  14. procedure ExchangeAuthCodeWithAccessToken(ARequest: TRequest; AResponse: TResponse);
  15. var
  16.   LCode,LOAuthRes,LAccessToken: String;
  17.   LJSONRes: TJSONObject;
  18.   LAccessTokenNode: TJSONData;
  19. begin
  20.   LCode := ARequest.QueryFields.Values['code'];
  21.   if LCode = '' then begin
  22.     AResponse.Code := 400;
  23.     AResponse.ContentType := 'application/json';
  24.     AResponse.Content := '{"message":"code parameter is not provided or empty"}';
  25.   end else begin
  26.     try
  27.       LOAuthRes := TFPHTTPClient.SimpleFormPost('http://some.where/oauth/access_token','client_id=xxx&client_secret=yyy&grant_type=authorization_code=' + LCode);
  28.       LJSONRes := TJSONObject(GetJSON(LOAuthRes));
  29.       if Assigned(LJSONRes) then begin
  30.         LAccessTokenNode := LJSONRes.FindPath('access_token');
  31.         LAccessToken := LAccessTokenNode.AsString;
  32.         // now you have the access token, store it somewhere secure
  33.       end;
  34.     except
  35.       on e: Exception do begin
  36.         AResponse.Code := 500;
  37.         AResponse.ContentType := 'application/json';
  38.         AResponse.Content := '{"message":"' + e.Message + '"}';
  39.       end;
  40.     end;
  41.   end;
  42. end;
  43.  
  44. begin
  45.   HTTPRouter.RegisterRoute('/exchange',@ExchangeAuthCodeWithAccessToken);
  46.   Application.Initialize;
  47.   Application.Port := 9999;
  48.   Application.Run;
  49. end.
  50.  

Ñuño_Martínez

  • Hero Member
  • *****
  • Posts: 1013
    • Burdjia
Re: OAuth, Redirect URI and other weird creatures
« Reply #4 on: May 31, 2020, 12:34:00 pm »
Thanks for the comments and tips.  I'll follow the links and read the examples, and ask more question if needed. :)
Are you interested in game programming? Join the Pascal Game Development community!
Also visit the Game Development Portal

 

TinyPortal © 2005-2018