Forum Discussion

frequent's avatar
frequent
Explorer | Level 3
8 years ago

How to get out of OAuth2 invalid key not forwarding to a redirect-uri?

(also posted on Stackoverflow

 

I'm using oauth2 client-side to authenticate users on my application and am stuck on handling errors, case in point being an invalid key.  I'm opening a popup which upon successful auth redirects to my parent-url (loading the parent page in the popup) and passing back the oauth token to the parent).

 

If oauth2 fails for any reason, there is no redirect and I'm stuck in the popup. So I was wondering whether there was any way to actively manage this error. Currently I'm doing this:

 

function (window, rJS, RSVP, promiseEventListener) {
  "use strict";

  var REQUEST_TIMEOUT = 10000;

  function getUrlParameter(name, url) {
    // retrieves url param
  }

  function uuid() {
    // returns an uuid
  }

  function setState() {
    var state = uuid();
    window.sessionStorage.setItem("state", state);
    return state;
  }

  function getState() {
    return window.sessionStorage.getItem("state");
  }

  rJS(window)

    .ready(function () {
      return this.initializeDropboxConnection();
    })
    .declareMethod("getDropboxConnect", function (my_url, my_name, my_config) {
      var popup;
      var popup_resolver;
      var resolver = new Promise(function (resolve, reject) {
        popup_resolver = function resolver(href) {
          var test = getUrlParameter("state", href);

          if (test && getState() === test) {
            window.sessionStorage.setItem("state", null);
            resolve({
              "access_token": getUrlParameter("access_token", href),
              "uid": getUrlParameter("uid", href),
              "type": getUrlParameter("token_type", href)
            });
          } else {
            reject("forbidden");
          }
        };

        popup = window.open(my_url, my_name, my_config);
        popup.opener.popup_resolver = popup_resolver;
        return promiseEventListener(popup, "load", true);
      });

      return new RSVP.Queue()
        .push(function () {
          return RSVP.any([
            resolver,
            RSVP.delay(REQUEST_TIMEOUT)
          ]);
        })
        .push(function (my_ouath_dict) {
          if (my_ouath_dict) {
            return my_ouath_dict;
          }
          popup.close();
          throw "You type too slow... or your key isn't valid";
        });
    })

    .declareMethod("setDropboxConnect", function (my_client_id) {
      return this.getDropboxConnect(
        "https://www.dropbox.com/1/oauth2/authorize?" +
          "client_id=" + my_client_id +
          "&response_type=token" +
          "&state=" + setState() +
          "&redirect_uri=" + window.location.href,
        "",
        "width=480,height=480,resizable=yes,scrollbars=yes,status=yes"
      );
    })

    .declareMethod("initializeDropboxConnection", function () {
      // oauth popup will open same page and we will end up here, too
      // but when inside the popup, the opener must be set
      if (window.opener === null) {
        return;
      }

      // window.opener returns ref to window that opened this window
      // https://developer.mozilla.org/en-US/docs/Web/API/Window/opener
      // this passes the token to the promise waiting above
      return window.opener.popup_resolver(
        window.location.hash.replace("#", "?")
      );
    });

}(window, rJS, RSVP, promiseEventListener));

so after 15 seconds I force-close and assume something went wrong. Not really an optimal solution so I was wondering whether there is anything available to redirect in case of error and maybe pass an error token, so the application can handle.


Thanks!

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    Unfortunately there isn't a good way to catch these errors, but I'll pass this along as a feature request.
    • frequent's avatar
      frequent
      Explorer | Level 3

      Thanks for the info and feature request :)

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 14 hours ago
352 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!