Redirection to OAuth callback URL not working on Nokia N810 browser

I'm not sure what a redirect method "that older browsers can handle" is -- can you give a few more details on exactly what you'd like the Ubuntu One servers to do?

Also: Conboy syncing with Ubuntu One! Sweet. :-)

Actually I´m also not sure about the redirection, because I don´t know how Ubuntu One is doing it and I even don´t know what kinds of methods are available. I´m guessing that Ubuntu One uses javascript to redirect the browser to the callback URL and that this specific javascript call is not supported on the old Nokia browser.

Unfortunately I also don´t know how to debug the situation.

Maybe some details about the implementation on my side will help:
Conboy registers itself as an URL handler for conboy:// URLs. So if you click on a conboy:// link in the browser, Conboy gets activated and tries to handle the request. This is working even with the build in browser.

Now when requesting the OAuth token, Conboy sets "conboy://authenticated" as the callback URL. So after successful authentication Ubuntu One redirects the browser to this URL. The platform calls Conboy to handle that URL. Now Conboy detects that it is authenticated and reads out the OAuth Verifier which it then uses to trade the request token for an access token.

If I´m using a modern browser (N900 or Mobile Firefox) the redirection works and Conboy takes action. If I´m using the browser of the older N810 I just get a white page and no redirection happens.

I know, this was basically repeating what I already said, but maybe you have an idea how we could debug this. Or maybe you could provide some more information on how the browser redirection is done internally.

What I can try is, I could (as a test) provide a different callback URL. E.g. "http://google.com" and see whether or not Ubuntu One will redirect the browser there. Maybe it has something to do with the non-standard "conboy://" protocol I´m using?! I´ll test that as soon as I can.

It would be really great if we could solve this somehow, because after the authentication everything works fine.
This video here shows the complete process on the N900:
http://zwong.de/wp-content/uploads/2009/11/conboy_sync.ogv
http://zwong.de/wp-content/uploads/2009/11/conboy_sync.avi

Thanks for looking into that. I really appreciate it :)

We just do a standard HTTP redirect (a 302 code, from Django's HttpResponseRedirect) when going back to the OAuth callback; we're not using JavaScript or anything like that. So that's...strange, that the N810 browser doesn't support it.

Two things to try. First, does the N810 browser support your custom conboy: URL scheme at all? i.e., if you just enter conboy://something into the URL bar, does it start conboy? Secondly, does it support redirects to a conboy: URL? If you try visiting http://kryogenix.org/random/conboyredirect.php, you can test that -- that page just issues a 302 HTTP redirect to conboy://doesthiswork and that's it. So that may help you in testing?

Thanks for your suggestions and the redirect php script.

Clicking on a conboy:// link does open Conboy. I've just tested it again on a N810. But if I visit your provided URL I just see a blank page. The URL in the location bar stays the same and Conboy does not startup.

I thought you might do something fancy about the redirection, but if it is a plain 302 it looks like you can't do much on your side. Which is a pity, because I also can't do much as the browser won't receive updates anymore.

I'll check if the browser generally has problems with redirects or if it is only non-http targets. If http targets work (I think they do), I could set the callback URL to a website of mine, which then would display the OAuth verifier to the user. The User then could copy the verifier into a (not yet implemented) text box in Conboy. That's of course not very user friendly, but at least it could work.

If you have other suggestions, please let me know. Thanks for your time!

If I use "http://google.com" as callback URL, the browser correctly redirects, so I think you can't do anything about it. The problem lies with the browser and only occurs when a redirect is combined with a non-standard protocol :(

Feel free to close this bug, thanks again for your time and sorry for the false alarm.

Thanks!
Cornelius

Why are you using a non-standard protocol then? Shouldn't you be starting a HTTP server, like Tomboy does?

Yes, I could start an HTTP server. But I tried not to do this. The main reason it that it will be much more work and time is always short. The second reason is another dependency which will have to be available on all three currently supported platforms (Chinook, Diablo and Fremantle). Also it needs to be something lean and fast as we´re still on a very constrained platform.

Anyways, I´ll look into it and we´ll see how/when this can be done. Thanks!

We actually require the callback URL to be an HTTP[S] server, or oob (as
per OAuth Core 1.0a). I'd recommend not doing oob, as it's a usability
nightmare, and OAuth was designed for web sites to authenticate to web
sites, so custom URI schemes don't really work in those cases.

On Tue, 2009-12-01 at 09:12 +0000, Cornelius Hald wrote:
> Yes, I could start an HTTP server. But I tried not to do this. The main
> reason it that it will be much more work and time is always short. The
> second reason is another dependency which will have to be available on
> all three currently supported platforms (Chinook, Diablo and Fremantle).
> Also it needs to be something lean and fast as we´re still on a very
> constrained platform.
>
> Anyways, I´ll look into it and we´ll see how/when this can be done.
> Thanks!
>

Actually with 2 out of 3 tested browsers it works fine with a custom URI scheme. So there seems to be no restriction on the Ubuntu One side. Also I think Tomdroid is also using a custom URI scheme for the callback.