Authentication with OAuth2 Guide Java
Currently using the Box Guide "Authenticate with OAuth 2" with java
import org.bouncycastle.math.ec.ECCurve.Config; import zero**removed**.config; import com.box.sdk.BoxAPIConnection; import com.box.sdk.BoxFolder; import com.box.sdk.BoxItem; public class auth { public static void main(String[] args) { // TODO Auto-generated method stub // Redirect user to login with Box String box_redirect = config.box_redirect + "?response_type=code" + "&client_id=" + config.client_id + "&redirect_uri=" + config.redirect_uri; res.redirect(box_redirect); //res cannot be resolved get("/return", (req, res) -> { //method not applicable for given arguments // Capture auth code String code = req.queryParams("code"); // Instantiate new Box API connection object BoxAPIConnection client = new BoxAPIConnection(Config.client_id, Config.client_secret, code); // PERFORM API ACTIONS WITH CLIENT }); } } }
What does res stand for and how are the arguments for the get method defined.
beginner friendly answer please
thanks in advance and kind regards
-
In this example, the `res.redirect()` and `get()` methods represent the Java web server redirecting the user to a specific URL, and handling a specific route (GET /return), respectively. Depending on exactly what web server framework you're using, you may need to use different code to accomplish the same thing.
-
I'm new to programming and I don't really know a way to implement the authentication now.
I've looked it up but I'm not finding any sample code for the OAuth User authentication.
Could someone who implemented the OAuth 2.0 share a working code example so I can try to understand it from there?
-
I think the misunderstandings come from people trying to implement a desktop or desktop-like application that can receive an auth code and continue from there.
I have a similar open question, but using Box.v2 for .NET. There doesn't seem to be a way to receive an auth code from BOX unless it comes from a redirect URL.In other words, the Box API will send an auth code to a URL that YOU SPECIFY. This means you need some kind of web service endpoint to pick up the call so you can take the auth code and create an OAuth2 session with it.
Because your desktop application doesn't have a web endpoint (or can't listen to that web endpoint) you can't really pick up the redirect URL call from Box (unless your application implements some sort of web server).I wish BOX would provide a way to use an async event (from C#, in my case) that would return the auth code so that we could keep our application on the desktop and not be forced to implement it as a web application.
Chad. -
The typical ways I've seen this handled for desktop applications is to use either a webview controlled by the application, or have a redirect URL scheme that the application can receive directly. Neither of these requires a web service to complete the OAuth2 flow; you should be able to use either depending on how your application is built.
If your application can create a web view that it controls, you can use it to load the authorize page URL that you world normally redirect a user to. In this scenario, your app can use a redirect URL like "http://example.com" or "http://localhost/"; when the web view is redirected to that URL with the auth code, you should be able to get the URL from the web view and parse the auth code out of the query parameters (e.g "http://example.com/?code= code>").
Another option is to do what apps like Slack do, and register your application to handle a URL scheme like "yourapp://". Then, if you set your app's redirect URL to something like "yourapp://authenticate", when the user finishes entering their credentials they will be redirected to your app, which will receive the auth code directly in the loaded URL with the custom scheme (e.g. "yourapp://authenticate?code=").
Hopefully that helps! The important takeaway here is that yes, Box will redirect to whatever URL you specify. However, that URL does not need to point to a web service — it can point to your desktop application via a custom scheme, or can point to a dummy URL to allow the controlling client process to just read the URL from a web view.
-
Thanks . There's some network magic going on there that I'm not qualified to implement. The engineer in me wonders how the Box server (somewhere far away) can resolve the location of a process (on my local machine) when all I provide to it is http://example or something.
Thank you for the explanation. I'll have to try it out next time.
Best,Chad.
サインインしてコメントを残してください。
コメント
8件のコメント