oauth 3 legged authorization for REST API is it possible?

Thu Jul 18, 2013 8:54 pm

Is there any documentation or exmaples on using oAuth and a 2 or 3 legged authorization with REST API? Specifically for tripit api. I see the facebook uses oauth but I can not figure how to get request token, etc. Should I be using security context? Or straight javascript/jquery?

Thu Jul 18, 2013 9:14 pm

Did you see this recent example? It has oAuth handling code. I'm not sure how close it gets to your needs.

http://docs.appery.io/tutorials/build...

More and more BaaS providers are offering oAuth as a service. I expect BaaS providers will eventually make oAuth dead simple. appery isn't there yet.

https://getsatisfaction.com/apperyio/...

Thu Jul 18, 2013 9:18 pm

I'd also check the Salesforce plug-in. It uses oAuth2.

One issue with BaaS providers is that they offer oAuth to only a few specific services such Twitter, Facebook, Foursquare. With Appery.io, you are not limited, you can connect to any API provider, no matter what authentication it uses.

Fri Jul 19, 2013 8:17 am

I have used the salesforce example plugin as a base point. The problem is that the SF app was working but now iIt gets and error -

Sandbox access violation: Blocked a frame at "http://appery.io" from accessing a frame at "https://login.salesforce.com". The frame being accessed is sandboxed and lacks the "allow-same-origin" flag. jquery-1.8.2.min.js:2
p.fn.p.init jquery-1.8.2.min.js:2
p jquery-1.8.2.min.js:2
iv_setup mobileframe.js:16
onload

However, I set up some code to connect to the api and and it worked with the modified doLogin () function from the SF example. This gave me a problem becuase I needed to POST the data not GET. So I changed to an ajax call with $post() but now I get the http:// Cross domain https:// problem and I can't call the https from appery http.

Anythoughts? Thanks a bunch for your help

Fri Jul 19, 2013 8:26 am

actually the SF app works on the phone not the browser. I will see if that may be my problem.

Fri Jul 19, 2013 3:12 pm

Hi Scott,

You cannot do POST request to a service located on another domain if the service itself does not allow it. Look at the log of networking (Network tab in Chrome developer tools or Net in Firebug). Before sending your request, the browser sends a request of the OPTIONS type. Depending on the response, the browser decides whether to send your request. Read more here: https://developer.mozilla.org/en-US/d...

As for the frame problem, try using https://appery.io as the basis for the project address. Then both connections will be encrypted.