Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I develop against OAuth locally?

Tags:

python

oauth

I'm building a Python application that needs to communicate with an OAuth service provider. The SP requires me to specify a callback URL. Specifying localhost obviously won't work. I'm unable to set up a public facing server. Any ideas besides paying for server/hosting? Is this even possible?

like image 710
CoolGravatar Avatar asked Mar 22 '09 01:03

CoolGravatar


People also ask

Does OAuth work on localhost?

Apparently you can add localhost as a trusted domain on the Google Developer Console, since localhost is an exception for most rules as you can see here. This can be done on this page under OAuth 2.0 Client IDs. Click edit and then add http://localhost:8000 or similar ports, and hit save.

How do I get OAuth client ID for localhost?

OAuth client ID.For Application type, select Web application. For Name, enter a name for the OAuth web client. For Authorized JavaScript origins, click Add URI and enter the HTTP origins that host the Google Workspace Migrate platform (for example, http://localhost:5131). Click Create.

What is the most common type of application you encounter when dealing with OAuth servers?

Server-side apps are the most common type of application encountered when dealing with OAuth servers. These apps run on a web server where the source code of the application is not available to the public, so they can maintain the confidentiality of their client secret.


3 Answers

Two things:

  1. The OAuth Service Provider in question is violating the OAuth spec if it's giving you an error if you don't specify a callback URL. callback_url is spec'd to be an OPTIONAL parameter.

  2. But, pedantry aside, you probably want to get a callback when the user's done just so you know you can redeem the Request Token for an Access Token. Yahoo's FireEagle developer docs have lots of great information on how to do this.

Even in the second case, the callback URL doesn't actually have to be visible from the Internet at all. The OAuth Service Provider will redirect the browser that the user uses to provide his username/password to the callback URL.

The two common ways to do this are:

  1. Create a dumb web service from within your application that listens on some port (say, http://localhost:1234/) for the completion callback, or
  2. Register a protocol handler (you'll have to check with the documentation for your OS specifically on how to do such a thing, but it enables things like <a href="skype:555-1212"> to work).

(An example of the flow that I believe you're describing lives here.)

like image 156
sblom Avatar answered Oct 06 '22 01:10

sblom


In case you are using *nix style system, create a alias like 127.0.0.1 mywebsite.dev in /etc/hosts (you need have the line which is similar to above mentioned in the file, Use http://website.dev/callbackurl/for/app in call back URL and during local testing.

like image 26
Kracekumar Avatar answered Oct 06 '22 00:10

Kracekumar


This was with the Facebook OAuth - I actually was able to specify 'http://127.0.0.1:8080' as the Site URL and the callback URL. It took several minutes for the changes to the Facebook app to propagate, but then it worked.

like image 20
Jamie Fristrom Avatar answered Oct 06 '22 00:10

Jamie Fristrom