Pinless OAuth on Adobe AIR for Android

2019-03-31 13:22发布

问题:

I got pinless OAuth working on Adobe AIR for Desktop, iOS, but not Android. For some reason, we're not getting the oauth_verifier (which contains the sha'd code) in StageWebView on an Android device. Any clue? Here's the debug for on desktop and on Droid 2; notice the 3rd line in the Droid 2 trace output which is missing all the OAuth variables after the callback URL.

Desktop:

AuthorizeTwitterService::onComplete, data: 
oauth_token=De2k4zANjzAhT3hXV4eqOfTVxJsshVIJjgsuwPMUg8&oauth_token_secret=s     WsBzyS43nh6DDBwLaogaWpVftoDaiYTJDfBKQE&oauth_callback_confirmed=true 
-------------------- 
TwitterLoginView::onLocationChange 
location: 
https://api.twitter.com/oauth/authorize?oauth_callback=oob&applicatio... 
-------------------- 
TwitterLoginView::onLocationChange 
location: https://api.twitter.com/oauth/authorize 
-------------------- 
TwitterLoginView::onLocationChange 
location: 
http://www.twitter.com/combovercharlie?oauth_token=De2k4zANjzAhT3hXV4&oauth_verifier=js1B4bAYfUer05a2rlZSDcOLOaIa66q93K24FUzrk

Droid 2:

AuthorizeTwitterService::onComplete, data: 
oauth_token=BtwJHbpaS5OWy1AMYdwl0ecGKGpU9AEcyrFYaXQ8&oauth_token_secret=Z2C     ff3ECfY5dp8dLLSA9qXvL2SRaZ3v5veStGuA00&oauth_callback_confirmed=true 
-------------------- 
TwitterLoginView::onLocationChange 
location: 
https://api.twitter.com/oauth/authorize?oauth_callback=oob&applicatio... 
Charlie&oauth_token=BtwJHbpaS5OWy1AMYdwl0ecGKGpU9AEcyrFYaXQ8&oauth_consumer     _key=LbMYslVau91uSAMZyGsOg 
-------------------- 
TwitterLoginView::onLocationChange 
location: https://api.twitter.com/oauth/authorize 
-------------------- 
TwitterLoginView::onLocationChange 
location: http://mobile.twitter.com/combovercharlie 

回答1:

I fixed it via Event.COMPLETE for my Droid 2 and Nexus One. I'm not even getting a LocationChangeEvent.LOCATION_CHANGING on my desktop nor Android, but bottom line, Event.COMPLETE does get the oauth_verifier sha'd pin in it. I can parse that out of StageWebView's location property, submit, and I'm good to go. Out of paranoia, I'm leaving all 3 events in there just in case. If you're curious, here's the redirect event differences between OS's via Mark Lochrie: http://kb2.adobe.com/cps/895/cpsid_89526.html.

Also, it's assumed your application is actually registered as a "web application", and not a desktop application, otherwise, you'll be forced to use a pin, and you won't get the oauth_verifier in the response URL. Yes, you can make up a callback URL to whatever you want; just make sure it's a standard URL that hopefully doesn't 404.

stageWebView = new StageWebView();
stageWebView.addEventListener(LocationChangeEvent.LOCATION_CHANGING, onLocationChange);
stageWebView.addEventListener(LocationChangeEvent.LOCATION_CHANGE, onLocationChange);
stageWebView.addEventListener(Event.COMPLETE, onLocationChange);
stageWebView.stage = stage;
stageWebView.viewRect = new Rectangle(0, 0, stage.stageWidth, stage.stageHeight);
// loaded from an OAuth library
// try http://code.google.com/p/oauth-as3/ or Tweetr http://wiki.swfjunkie.com/tweetr
stageWebView.loadURL(authenticationURL); 

var code:String;

function onLocationChange(event:Event):void
{
        var location:String;

    if(event is LocationChangeEvent)
    {
        location = LocationChangeEvent(event).location;
    }
    else
    {
        location = _stageWebView.location;
    }

    var search:String       = "oauth_verifier=";
    var ver:String          = location;
    var startIndex:int      = ver.lastIndexOf(search);
    if(startIndex != -1)
    {
        code = ver.substr(startIndex + search.length, location.length);
        // remove listeners and dispatch success here
    }
}