• Replies 3 replies
  • Subscribers 16 subscribers
  • Views 865 views
  • Users 0 members are here
Options
Related

Toybox::Communications makeWebRequest prevent redirects + access cookies?

Former Member
Former Member over 6 years ago
Hi,

I am trying to authenticate against a web service that doesn't support OAuth. I run into two issues while attempting to do this:
  • The web service replies with an HTTP 302 response code on successful login. My callback is not invoked with that response however, instead the module method makeWebRequest makes another request to the web service with the updated Location, using the same method, options and parameters.
  • In the response, the web service sets a cookie containing the authentication token. I would like this cookie to be sent on subsequent requests to the same host. The module method makeWebRequest doesn't seem to do this, nor does it allow me to access the cookie value returned on the initial request.
I talked to the web service owners, but they don't have any plans at this point to support OAuth.

Any suggestions?

Thanks,

Ernst.
  • over 6 years ago
    The only course of action that I can see would be to prop up a web service of your own. This service would receive the original request, and then forward the request on to the actual service and collect the 302 response. It would then follow the redirect, grab the cookie header, and then send that back to your app in the response body. You should be able to implement something like this using AWS Lambda + API Gateway or Google App Engine in a few hours if you know one of the supported languages.

    I've been using Google App Engine to host a service that does basically the same thing for a few years. My app takes a web response that is a plain text string and re-formats it as a JSON message and sends it back with the appropriate HTTP headers to be processed by Garmin Connect Mobile. It has been up for over two years now and I've never exceeded the limits of the free tier (1GB of incoming data, 1GB of outgoing data, and 28 CPU hours per day). Even if it were to exceed the free limits, the costs would be insanely low.

    Travis
  • Former Member
    Former Member over 5 years ago in reply to Travis.ConnectIQ

    While that would work technically, from a security perspective it would be a no-go, as it would require me to pass someones credentials through a third party web service.

  • over 5 years ago in reply to Former Member

    it doesn't look like grabbing cookies in connect iq is to be implemented soon if at all, so you will need some kind of workaround...

    someones credentials through a third party web service

    you could wrap a webservice together in eg php and host that service on your own hosting.