Forum OpenACS Development: Re: continuing thread after redirect for oauth2

Collapse
Posted by Gustaf Neumann on
In general, when one issues an "ad_returnredirect", the requesting client request will receive a redirect response and will send new requests to the server if wanted. In the same connection, later attempts to send to the same client will fail.

Most of the Microsoft oauth2 services receive a redirect_uri, where the service redirects the user when done. So, if you just want to authorize the user, the simplest thing is to construct a URL with client_id, redirect_uri, ... and provide this link to the user to login via o365. The provided redirect_uri will be used by the identity provided after a successful authentication to redirect the client to the response handler from the redirect_uri including, jwt data can be accessed and an auth code which can be used to get the access token via ns_http... Finally one can login the user via OpenACS API (maybe after creating an account etc.) - if wanted.

The Microsoft documentation is IMHO more helpful than the chilicat example.

[1] https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis

Collapse
Posted by Malte Sussdorff on
Thank you Gustaf.

I realized the major mistake I made. The chilkat example is for an app running on a computer, hence also the redirect to localhost. Guess the chilkat example send my brain on a goose chase.