As Kumar proposed, "origin" is one solution but only in 1.1. Also "origin" is rather for more controlled CORS configuration on your server and Persona logins.
The best solution is "redirects" [1], used in all OAuth implementations in gaia apps in 1.0.1+. You can check their use in gaia communications app [2]. You basically specify a URL for "from" and an app-internal path for "to". When in your app context, main window or popup, a server redirects to the "from"URL, the specified "to" path will be served with all the parameter and hash values attached to the "from" URL. This enables OAuth for FB and Twitter. There is a bug open that will fix correct handling of "redirects" in the Simulator; it should land for 1.1 [3]. Cheers, --- Harald Kirschner | Partner Engineer & Web Craftsman | [email protected] (mailto:[email protected]) [1]: https://developer.mozilla.org/en-US/docs/Web/Apps/Manifest#redirects [2]: https://github.com/mozilla-b2g/gaia/tree/v1.0.1/apps/communications [3]: https://bugzilla.mozilla.org/show_bug.cgi?id=889356 El miércoles, julio 10, 2013 a las 5:53 PM, Kumar McMillan escribió: > > On Jul 10, 2013, at 3:57 PM, Peter Rukavina <[email protected] > (mailto:[email protected])> wrote: > > > The new Dropbox Datastore API for JavaScript > > (https://www.dropbox.com/developers/datastore/docs/js) requires developers > > to register a redirect URI for its OAuth authentication to Dropbox. > > > > ---snip--- > > The API does not allow a redirect URI to be specified as a parameter in the > > JavaScript authentication call, and so when Firefox OS apps attempt to use > > the API an error like this results: > > > > Error (400) > > It seems the app you were using submitted a bad request. > > If you would like to report this error to the app's developer, > > include the information below. > > > > More details for developers > > > > Invalid redirect_uri: \ > > "app://8b85b008-f796-024e-979f-ab8bbf5125f9/index.html".\ > > It must match one of the redirect URIs you've pre-configured for your app > > ---snip--- > > > > I asked Dropbox about this > > (https://forums.dropbox.com/topic.php?id=102866#post-556225) and the reply > > was: > > > > ---snip--- > > I'm afraid I don't know what options are available in Firefox OS. The > > redirect URI does indeed need to be specified ahead of time, for security > > reasons. > > On other mobile platforms, like iOS and Android, apps are able to register > > themselves for app-specific callback URIs, and this is how they complete > > flows like OAuth 2.0. Is there something similar for Firefox OS? > > ---snip--- > > > > What are my options for Firefox OS? As far as I can determine, the URI that > > Dropbox see as the "calling URI" -- > > app://8b85b008-f796-024e-979f-ab8bbf5125f9/index.html in my case -- isn't a > > constant and will change depending on the device the app is installed on. > > Correct? > > Hi. You would need to either open an iframe into your server and postMessage > back some data (this could be very insecure if done wrong) or wait until > Firefox OS 1.1 which will have origin support. Here is some more info: > https://groups.google.com/d/msg/mozilla.dev.webapps/8_yP3gOMUK0/_PU40awnN8gJ > > > _______________________________________________ > > dev-webapps mailing list > > [email protected] (mailto:[email protected]) > > https://lists.mozilla.org/listinfo/dev-webapps > > > > > _______________________________________________ > dev-webapps mailing list > [email protected] (mailto:[email protected]) > https://lists.mozilla.org/listinfo/dev-webapps > > _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
