问题
I'm trying to get user to authenticate my app to work with his data stored on MapMyRun(https://developer.underarmour.com/apps/myapps).
Here is my code:
let oauth2 = OAuth2CodeGrant(settings: [
"client_id": "asdasdasd",
"client_secret": "asdasdasd123",
"authorize_uri": "https://www.mapmyfitness.com/v7.1/oauth2/uacf/authorize/?client_id=asdasdasd&response_type=code&redirect_uri=http://localhost.mapmyapi.com:12345/callback",
"token_uri": "https://api.mapmyfitness.com/v7.1/oauth2/access_token/",
"redirect_uris": ["http://localhost.mapmyapi.com:12345/callback"],
"api-key":"asdasdasd",
"grant_type": "authorization_code",
"keychain": false, // if you DON'T want keychain integration
] as OAuth2JSON)
override func viewDidLoad() {
super.viewDidLoad()
startAuthorization()
// Do any additional setup after loading the view.
}
func startAuthorization() {
oauth2.logger = OAuth2DebugLogger(.trace)
oauth2.authorize() { authParameters, error in
if let params = authParameters {
print("Authorized! Access token is in `oauth2.accessToken`")
print("Authorized! Additional parameters: \(params)")
}
else {
print("Authorization was cancelled or went wrong: \(String(describing: error))") // error will not be nil
}
}
}
And my output:
[Debug] OAuth2: Starting authorization
[Debug] OAuth2: No access token, checking if a refresh token is available
[Debug] OAuth2: I don't have a refresh token, not trying to refresh
[Debug] OAuth2: Opening authorize URL in system browser: https://www.mapmyfitness.com/v7.1/oauth2/uacf/authorize/?redirect_uri=http%3A%2F%2Flocalhost.mapmyapi.com%3A12345%2Fcallback&client_id=asdasdasdasd&response_type=code&state=123123123
So far what I'm getting is a correct redirection on
http://localhost.mapmyapi.com:12345/callback + /callback state=&code=xxxxxxxxxxxxxxxxxxxxxxxx
but OAuth2 doesnt handle this.
How to make it authenticate with MapMyRun? My idea is to implement a deeplink for eg. register:// and here would be all callback data. And this would be handled by next post request that will get us an access token.. But this sounds to me a bit to complicated.
Is there any other way to fix it?
I'm trying to rewrite my python code which works perfectly but now I need to put this on my iOS app :D
https://developer.underarmour.com/docs/v71_OAuth_2_Demo
import logging
import os
import sys
import urlparse
import webbrowser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
import requests
#logging.basicConfig(level=logging.DEBUG)
# Store your client ID and secret in your OS's environment using these keys, or
# redefine these values here.
CLIENT_ID = os.environ.setdefault("MMF_CLIENT_ID", "asdasdasdasd")
CLIENT_SECRET = os.environ.setdefault("MMF_CLIENT_SECRET", "asdasdasd123123")
print CLIENT_ID
if CLIENT_ID is None or CLIENT_SECRET is None:
print 'Please ensure $MMF_CLIENT_ID and $MMF_CLIENT_SECRET environment ' \
'variables are set.'
sys.exit(1)
# As a convenience, localhost.mapmyapi.com redirects to localhost.
redirect_uri = 'http://localhost.mapmyapi.com:12345/callback'
authorize_url = 'https://www.mapmyfitness.com/v7.1/oauth2/uacf/authorize/?' \
'client_id={0}&response_type=code&redirect_uri={1}'.format(CLIENT_ID, redirect_uri)
# Set up a basic handler for the redirect issued by the MapMyFitness
# authorize page. For any GET request, it simply returns a 200.
# When run interactively, the request's URL will be printed out.
class AuthorizationHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200, 'OK')
self.send_header('Content-Type', 'text/html')
self.end_headers()
self.server.path = self.path
parsed_redirect_uri = urlparse.urlparse(redirect_uri)
server_address = parsed_redirect_uri.hostname, parsed_redirect_uri.port
print 'server_address:', server_address
# NOTE: Don't go to the web browser just yet...
webbrowser.open(authorize_url)
# Start our web server. handle_request() will block until a request comes in.
httpd = HTTPServer(server_address, AuthorizationHandler)
print 'Now waiting for the user to authorize the application...'
httpd.handle_request()
# At this point a request has been handled. Let's parse its URL.
httpd.server_close()
callback_url = urlparse.urlparse(httpd.path)
authorize_code = urlparse.parse_qs(callback_url.query)['code'][0]
print 'Got an authorize code:', authorize_code
access_token_url = 'https://api.mapmyfitness.com/v7.1/oauth2/access_token/'
access_token_data = {'grant_type': 'authorization_code',
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET,
'code': authorize_code}
response = requests.post(url=access_token_url,
data=access_token_data,
headers={'Api-Key': CLIENT_ID})
print 'Request details:'
print 'Content-Type:', response.request.headers['Content-Type']
print 'Request body:', response.request.body
# retrieve the access_token from the response
try:
access_token = response.json()
print 'Got an access token:', access_token
except:
print 'Did not get JSON. Here is the response and content:'
print response
print response.content
# Use the access token to request a resource on behalf of the user
activity_type_url = 'https://api.ua.com/v7.1/activity_type/'
response = requests.get(url=activity_type_url, verify=False,
headers={'api-key': CLIENT_ID, 'authorization': 'Bearer %s' % access_token['access_token']})
# Refresh a client's credentials to prevent expiration
refresh_token_url = 'https://api.ua.com/v7.1/oauth2/uacf/access_token/'
refresh_token_data = {'grant_type': 'refresh_token',
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET,
'refresh_token': access_token['refresh_token']}
response = requests.post(url=refresh_token_url, data=refresh_token_data,
headers={'api-key': CLIENT_ID, 'authorization': 'Bearer %s' % access_token['access_token']})
print 'Request details:'
print 'Content-Type:', response.request.headers['Content-Type']
print 'Request body:', response.request.body
try:
access_token = response.json()
print 'Got an access token:', access_token
except:
print 'Did not get JSON. Here is the response and content:'
print response
print response.content
# Attempt another request on the user's behalf using the token
refresh_token = response.json()
response = requests.get(url=activity_type_url, verify=False,
headers={'api-key': CLIENT_ID, 'authorization': 'Bearer %s' % access_token['access_token']})
Thank you!
CC: @Makaille
回答1:
I solved my problem.
I set a deeplink redirecting to my app: register://callback
Then in mapmyrun settings for my app I set a callback link pointing to my deeplink. I wrote it in ruby and this sits on my backend server:
#!/usr/bin/env ruby require 'rubygems' require 'sinatra' get '/mapmyruncallback' do redirect 'register://callback' end
Then in AppDelegate.swift I put "oauth2.handleRedirectURL(url)"
func application(_ application: UIApplication, open url: URL, sourceApplication: String?, annotation: Any) -> Bool { print("url path :\(url)") oauth2.handleRedirectURL(url) return true }
voilà! :)
来源:https://stackoverflow.com/questions/43524410/oauth2-for-mapmyrun-using-swift-3