locked
Foundation URI with username and password Alternatives

    Question

  • I am currently working on application that uses a to-do list API using OAuth 2.0. 

    In order to get an access token, the API requires an SSL Post request to an URI similar to the one below. (replaced with generic information)

    https://username:password@api.domain.com/token.php

    I am modifying scenario 4 from the HTTPClient sample (from the Windows 8.1 samples) to do this. (Using a httpClient->PostAsync task)

    I've been receiving the exception "https://username:password@api.domain.com/token.php is not a valid absolute URI"

    From researching/googling/etc it seems, from the sources I've read, you can't setup this kind of URI in a Windows 8 Store app. My question is what are my alternatives? Is there a way to "mimic" the same thing or should I be contacting the owners of the API to see if their server accepts any other methods of posting such a request?

    Appreciate any help or advice. Thank you.

    Tuesday, February 11, 2014 9:28 PM

Answers

  • Good news!  It turns out that the Toodledo.com site documentation is actually incorrect; I've just tried connecting to their site without it, and all of the OAuth2 stuff works just fine.  I've filled out Ticket #48475 on their site to track their documentation changes.

    I hope that you've been able to use the OAuth2 sample filters; these handle most of the "issues" around support OAuth.  Even better, the OAuth2 filter pops into the middle of your HttpClient filter chain and handles all or most (depending on the site!) of your OAuth needs without your business logic needing to try/retry/do refresh/pop up a WebAuthBroker, etc.

    The filter sample is part of the Web Authentication Broker sample at http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122

    We also have a poster pack the shows how the different network APIs interrelate: http://www.microsoft.com/en-us/download/details.aspx?id=40018


    Network Developer Experience Team (Microsoft)

    Friday, February 14, 2014 9:59 PM

All replies

  • Hi,

    As far as i know, including the username and password embedded in the URI is not a legal syntax for the HTTP protocol. 

    You could store the username and password in the password vault as well:

    http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.credentials.passwordvault.aspx

    http://code.msdn.microsoft.com/windowsapps/PasswordVault-f01be74a

    http://msdn.microsoft.com/en-us/library/windows/apps/hh750301.aspx

    Best Wishes!


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey. Thanks<br/> MSDN Community Support<br/> <br/> Please remember to &quot;Mark as Answer&quot; the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Thursday, February 13, 2014 2:22 AM
  • What site are you trying to reach?  In general, HTTP url do not include a username and password (their primary use right now is for phishing attacks; the current RFCs say that programs should actively reject urls that includes name and password information). 

    However, the System.Uri class in C# can certainly parse them correctly.


    Network Developer Experience Team (Microsoft)

    Thursday, February 13, 2014 8:28 PM
  • I'm trying to integrate Toodledo for to-list task. Looking here http://api.toodledo.com/3/account/index.php I got authorization to work, I received the code and now I'm working on the Post SSL request to get the access token under "Getting an Access Token" section of the API. I'm only working in C++.
    Thursday, February 13, 2014 9:59 PM
  • Good news!  It turns out that the Toodledo.com site documentation is actually incorrect; I've just tried connecting to their site without it, and all of the OAuth2 stuff works just fine.  I've filled out Ticket #48475 on their site to track their documentation changes.

    I hope that you've been able to use the OAuth2 sample filters; these handle most of the "issues" around support OAuth.  Even better, the OAuth2 filter pops into the middle of your HttpClient filter chain and handles all or most (depending on the site!) of your OAuth needs without your business logic needing to try/retry/do refresh/pop up a WebAuthBroker, etc.

    The filter sample is part of the Web Authentication Broker sample at http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122

    We also have a poster pack the shows how the different network APIs interrelate: http://www.microsoft.com/en-us/download/details.aspx?id=40018


    Network Developer Experience Team (Microsoft)

    Friday, February 14, 2014 9:59 PM