Auth code/URL Listening - possible to do it remotely?

Hello,

If EasyMorph Desktop is installed on a server, and we are setting up an OAuth2 connection, is it possible to have a Redirect URI that is not localhost, but the actual address of the server, and port 7890?

So having, for example, “https://myserver.com:7890/authorize” as the Redirect URI. If a person on another computer gives the authorization and they are redirected to this URL, will I see, in the EasyMorph Desktop installed on the server, that the authorization is processed automatically and the following window is closed:

image

To then automatically show:

image

I’m trying to authorize Salesforce and they require the Redirect URI to be https://. I also have EasyMorph Server running on port 443 (for HTTPS).

Does “https://myserver.com:7890/authorize” make sense? Because here I’m saying to connect to port 443 (which is https://) but at the same time I’m saying port 7890 (which is EasyMorph Desktop), so can there be a port confusion here?

Thanks,

Roberto

Hello!

If you’re trying to somehow disconnect the OAuth authorization initiator and the final code receiver (for example, start the OAuth process on one PC and complete it on another), that is not possible. With EasyMorph Desktop, the OAuth process has to be contained in one PC: the one that initiates the process after you press the corresponding button in the Data Connector dialog.

  1. The EasyMorph code receiver/listener is HTTP only, regardless of the port selected. It occupies a pseudo-random free port (adapts to the redirect URI to some extent), but it’s always HTTP. Most service providers (including Salesforce) restrict the HTTP code flow to a single PC, and that’s why you see a requirement for HTTPS when you try to change the redirect URI from localhost in the Salesforce app settings.

  2. EasyMorph expects to be the sole initiator and final endpoint of the OAuth process, and to achieve this it uses something called PKCE and a state check. When the authorization flow is initiated, a hidden code is attached to the auth request, and this code (or its cryptographically processed derivative) is verified when the process is finished. PKCE could be disabled in the WebLocation provider, but the state check is mandatory.

  3. The whole point of such separation goes against the intent behind the OAuth flow. The purpose of OAuth, aside from separating the app being authorized and the user’s ‘master’ credentials, is to ensure that the person who initiates authorization is the person who has access to the target account. Technically, what you’re trying to achieve is possible using the so-called ‘OAuth device flow’, but it’s meant for IoT devices and EasyMorph doesn’t implement it anyway.

Hello Olysak,

Thanks for the detailed information. I will write a private message to you, I have a specific usage case.

Regards,

Roberto

Hi @roberto @olysak

Just to clarify.

is it possible to have a Redirect URI that is not localhost, but the actual address of the server, and port 7890?

You should be able to set any redirectUri. Even with the https:// scheme. Even with urn:ietf:wg:oauth:2.0:oob. And even to a non-existing site with the https:// scheme. But your redirectUri should match your OAuth2 Application configuration, and you have to manually copy-paste the authorization code/browser URL (after successful authorization) into EasyMorph Desktop.

If a person in another computer gives the authorization and they are redirected to this URL, will I see how in the EasyMorph Desktop installed in Server, the authorization is processed automatically and the following window is closed:

Not automatically, but theoretically it is possible with these steps:

  1. You open EasyMorph Desktop and start OAuth2 connector authorization.
  2. You copy-paste the opened link from the web browser "as is" and immediately send it to another person.
  3. The other person enters his/her credentials. His/her browser redirects him/her to some redirect URL.
  4. The person sends you the full URL to which he/she was redirected, or the authorization code.
  5. You enter the received URL/authorization code into your EasyMorph Desktop (don't close the initial windows).
  6. The connector should be authorized.

Some companies use "dummy" redirectUri sites just to display the authorization code in a friendly manner.

Easymorph code receiver/listener is HTTP only, regardless of the port selected. It occupies a pseudo-random free port (adapts to redirect URI to some extent),

That's true, but the port is not pseudo-random. It's always the port from the specified redirectUri. (If we're talking about WebRequest OAuth2).

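The state check and PKCE mentioned in the replies above, applied to the manual copy-paste steps, as an added example that is not part of the original thread and is not EasyMorph's code. The endpoint, client ID and function names are placeholders assumed for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values: assumptions for this example, not EasyMorph or Salesforce settings.
AUTH_ENDPOINT = "https://idp.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://myserver.com:7890/authorize"


def start_flow():
    """Initiator: create per-attempt secrets and the authorization URL."""
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, kept by the initiator
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return {"state": state, "code_verifier": verifier}, f"{AUTH_ENDPOINT}?{query}"


def finish_flow(session, pasted_url):
    """Check a pasted redirect URL against the session; return the token request body."""
    got, want = urlsplit(pasted_url.strip()), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("URL does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time state check: ties the response to the attempt started on this PC.
    if not secrets.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: URL is from a different authorization attempt")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in URL")
    # The provider recomputes SHA-256(code_verifier) and compares it with code_challenge.
    return {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
```

A URL pasted into a session other than the one that produced the link fails the state check, which is why the initial window has to stay open in step 5.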

Hello @ckononenko,

Thanks very much for your input!

Not automatically, but theoretically it is possible with these steps:

  1. You open EasyMorph Desktop and start OAuth2 connector authorization.
  2. You copy-paste the opened link from the web browser “as is” and immediately send it to another person.
  3. The other person enters his/her credentials. His/her browser redirects him/her to some redirect URL.
  4. The person sends you the full URL to which he/she was redirected, or the authorization code.
  5. You enter the received URL/authorization code into your EasyMorph Desktop (don’t close the initial windows).
  6. The connector should be authorized.

Some companies use “dummy” redirectUri sites just to display the authorization code in a friendly manner.

Yes, that's exactly what I was planning to do! I was thinking of adding two things to make it more friendly to the client:

  • In step 2: I wanted to pass the long URL with the authorization code through a URL shortener (such as https://bitly.com/, for example), so that the client receives a compact URL and it's visually less "technical".

  • In steps 3 and 4: the user would be redirected to a page where there is a form (with one field) to fill out, and the user is asked to copy the current URL, paste it inside the form, and send it. This way the client doesn't have to copy the URL and go to another application to paste it; they can do it all from the RedirectUri, pasting the URL and sending it to us.

What do you think?

Thanks!

Roberto

Yes, that should work!

Regarding steps 3 and 4, if you already have such a form, maybe you can try prefilling it for convenience with window.location.href (using JavaScript) to skip the ‘copy from URL’ step. But nevertheless, this kind of scenario should always end with you entering the resulting redirect URI/code manually into EasyMorph Desktop (i.e. step 5).

Hello @olysak,

Thanks for the idea regarding window.location.href. I’m not familiar with JavaScript (and I’m not building the form manually myself), but I understand that I should find a form service that I can embed which could be personalised with JavaScript, and then investigate from there?

Thanks very much,

Roberto

Oh, I thought this was a form of your own making. If not, then I don't think my advice about prefilling is applicable.

Ok, thanks in any case! :wink: