
jquery-cordova-oauth2's People

Contributors

iflight, jbeuckm, krisrak


jquery-cordova-oauth2's Issues

Google Scope Params

When you pass more than one parameter in the scope, the Google URL is invalid and the token is not generated.

I found the problem and found that making a small change in the code solves it.

Just change line 85 from "var loginwindow = window.open(login_url, '_blank', 'location=yes');" to "var loginwindow = window.open(decodeURIComponent(login_url), '_blank', 'location=yes');" and it is solved!

Security Issue: insecure authorization code grant process

I'm looking at the first example "Google Oauth2 (Authorization code grant)", that is listed in the readme and it is asking the developer to include their "client_secret". Correct me if I am wrong, but storing a client_secret in a cordova app is insecure since a malicious party can reverse engineer the app (i.e. decompile the android APK file) and extract the secret key and use it for other malicious activities on behalf of the app. Such a key should only be stored on a server and not in code or shipped software. Typically, in case of web apps, the application server needs to call environment variables that are securely configured (example: http://kalapun.com/posts/node-js-open-source-and-secret-keys/).

Here is what I think we may need to do for jquery-cordova-oauth2 since Cordova is for mobile/device apps:
1 - In documentation and code add explicit warnings that it is a security issue to include client_secrets.
2 - Replace the example in readme with one that does not require a secret key. See https://developers.google.com/identity/protocols/OAuth2UserAgent
3 - Disable usage of client_secret, since if someone decides to use it, they are effectively distributing their client secret publicly with their app distribution.
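
A sketch of the kind of request the issue above asks for, added here as an example and not taken from jquery-cordova-oauth2: it refuses any configuration that carries a client_secret, builds a user-agent flow request bound to a random state value, and checks the redirect before accepting a token. The function names, the state check and the example.test hosts are assumptions; the option names mirror the $.oauth2 options shown on this page.

```javascript
// Added example, not library code. buildAuthRequest/parseRedirect are hypothetical names.
// WebViews and current Node expose Web Crypto globally; older Node needs the fallback.
const rng = globalThis.crypto || require('crypto').webcrypto;

// Build a user-agent (implicit) flow request; reject configs that would ship a secret.
function buildAuthRequest(opts) {
  const all = Object.assign({}, opts, opts.other_params || {});
  if ('client_secret' in all) {
    throw new Error('client_secret must not ship inside the app; keep it on a server');
  }
  if (opts.response_type !== 'token') {
    throw new Error('this sketch only handles response_type "token" (no secret needed)');
  }
  // Random state ties the eventual redirect back to this specific request.
  const state = Array.from(rng.getRandomValues(new Uint8Array(16)))
    .map(function (b) { return b.toString(16).padStart(2, '0'); }).join('');
  const params = new URLSearchParams(Object.assign({}, opts.other_params, {
    response_type: opts.response_type,
    client_id: opts.client_id,
    redirect_uri: opts.redirect_uri,
    state: state
  }));
  return { url: opts.auth_url + '?' + params.toString(), state: state };
}

// Inspect the URL the in-app browser was redirected to; the token is in the fragment.
function parseRedirect(redirectedUrl, opts, expectedState) {
  const got = new URL(redirectedUrl);
  const want = new URL(opts.redirect_uri);
  // Exact origin + path match: a prefix match would accept look-alike paths.
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    return { error: 'unexpected_redirect' };
  }
  const frag = new URLSearchParams(got.hash.slice(1));
  if (frag.get('error')) return { error: frag.get('error') };
  if (frag.get('state') !== expectedState) return { error: 'state_mismatch' };
  if (!frag.get('access_token')) return { error: 'missing_token' };
  return { token: frag.get('access_token') };
}

// Constructed sample values, for illustration only.
const sampleOpts = { auth_url: 'https://auth.example.test/authorize', response_type: 'token',
  client_id: 'constructed-client-id', redirect_uri: 'https://app.example.test/cb',
  other_params: { scope: 'profile email' } };
const sampleReq = buildAuthRequest(sampleOpts);
console.log(parseRedirect(sampleOpts.redirect_uri + '#access_token=constructed&state=' +
  sampleReq.state, sampleOpts, sampleReq.state));
```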

Facebook

Hello, I want to get name, firstname, etc.

How do I get the firstname with the Facebook token?

Intel XDK

I am getting this error trying to do OAuth2 with Facebook:
Unsafe JavaScript attempt to initiate navigation for frame with URL...
from frame with URL ... The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
Please help.

Not Working

I built an app using PhoneGap and installed it on my phone. But when I click on the button nothing happens. Any suggestions?

InApp Browser Not closing and returning values

Hi there. And thank you for your nice library.

I am using this library implicit call for a custom service of mine.

The problem is that I cannot get it to close the inappbrowser.

I have even tried window.open('','_self').close(); or window.close(); after the authentication takes place but I get a

"Scripts may close only the windows that were opened by it."

Do you have any idea on how to close the inappbrowser and therefore fire the callback function of the oauth2?

Thank you!

Login with Twitter

Hi,

Working fine with Google and Facebook. Twitter, though, complains about the token being absent. I suspect that's because Twitter expects a different key name.
Any idea how to solve this?

Many thanks

After login it redirects me to the "redirect_url"

I tried your example.

    function oauth2_login() {
        $.oauth2({
            auth_url: 'https://www.facebook.com/dialog/oauth',
            response_type: 'token',
            client_id: 'XXXXXXXXXXX',
            redirect_uri: 'http://www.zonnix.net',
            other_params: {}
        }, function(token, response){
            // success callback
            // makeAPICalls(token);
            return;
        }, function(error, response){
            // error callback
            console.log(error);
            return;
        });
    }

When I tried it in the emulator, after successful login the page redirected to the "redirect_url".
Please could you tell me how to avoid the redirect. Facebook forces me to insert a "redirect_url" related to my valid domain.

Refused to display when in "browser device"

Hi,

when I try to window.open to a _blank target (as it is in your fine js library), then it gets a

"Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."

Do you have a clue why this is happening in the browser device and not in Android?

It is a pain to have to recompile to the android device or simulator.

:-)

Redirect URI

Hi,

I'm trying to make my very first Cordova app and have encountered a problem with OAuth2:
After using your plugin a new window appears where I can allow or deny my app, but right after clicking the authorization button I'm redirected to the URI and not the application...

Tested on web browser (without Cordova compilation) and Android phone (with Cordova compilation)

Did I miss something ?

loadstart event is not getting fired

When I run this app the authorization window pops up and I enter my authorization details, then I can see the redirect URI in the URL with an HTTP 404 not found error. I put alerts in the cordova.oauth2.js file; what I see is that the URL got loaded but none of the code below got executed. When I do console.log at every place, it gets executed even before I enter authorization details.

$(loginWindow).on(loadstart does not work

And the variables do not get caught after that loginWindow.close(); does not fire.

Using cordova 3.4 with inappbrowser
Jquery 2.1.1
Android 4.2.2 and 4.4.2

What may be the issue?

Is it supported in Twitter?

Hi,
I used jquery-cordova-oauth2 and it is working with the Google integration, and I just want to know whether it will work with Twitter as well.
Please let me know.

Thanks
Shivam

Problem to return token

Recently I've been trying to make a system login with Facebook to use in Intel XDK and I am unable to get the token once I've logged in.

I'm using the sample code and adapted:

function oauth2_login_facebook () {
			$.oauth2({
				auth_url: 'https://www.facebook.com/dialog/oauth',
				response_type: 'token',
				client_id: 'XXXXXXXXXXXXXXXXXX',
				redirect_uri: 'http://localhost/cliente/www/app.html',
				other_params: {scope: 'basic_info', display: 'popup'}
				}, function(token, response){
					$("#logs").append("<p class='success'><b>access_token: </b>"+token+"</p>");
					$("#logs").append("<p class='success'><b>response: </b>"+JSON.stringify(response)+"</p>");
				}, function(error, response){
					$("#logs").append("<p class='error'><b>error: </b>"+JSON.stringify(error)+"</p>");
					$("#logs").append("<p class='error'><b>response: </b>"+JSON.stringify(response)+"</p>");
			}); 
}

The problem is that I console.log in function(token, response) to see the token obtained, but it only redirects me to the redirect_uri window.

I'm new to the subject and don't know OAuth well, for example the redirect_uri topic: whether it would have to have specific code, or is just the address you go to once authentication has been made.

Google Plus Scope

Google + Login throws an error:

Error: invalid_request
Missing required parameter: scope

I'll try to modify the js to send the scope as well. Will let you know if I get it fixed!

Nice job by the way!

How can I get extra values from Facebook?

First off, great plugin!

I'm currently receiving just the Facebook token, what about name, email and so on?
I tried playing with the scope object but with no success. Is it possible?

App stays at account.google.com approval page

Hi,
Thank you for the plugin. I am not sure what I am doing wrong.
I am using cordova version 4.1.2 and building the app for iOS. Below are the steps I followed.

  1. Created the client id for iOS application
  2. In index.html copied the client ID and client Secret
  3. response_type is given as "code"
  4. redirect_uri I have given as "urn:ietf:wg:oauth:2.0:oob" which auto created while creating client ID
  5. Have also installed in app browser plugin

Now when I run the app and click on "Oauth2 Login" button, the in app browser is opened with Google login screen.

I gave the credentials and then Google displays the approval page with my application name.
When I click on "Accept", I get the page with my login name and display pic, along with the "code". However I am not able to proceed further. The page has the message "Please copy this code, switch to your application and paste it there" with a "code" in a textbox.

It should logically take me to the success callback, however it stays on the approval page. Attaching the page.

Please let me know where I am making a mistake.

Thanks,
Sagar
