APPAUTH not giving wctoken

  • Question

  • In the offline application that we are building, we are using APPAUTH shell redirect for the users to do the one time application authorization.  The user is not already logged in to HV at this point of time.

    But when user is redirected back to application after he enters credentials, selects a record and approves the access,  the returned wctoken is empty. 

    Here is the Fiddler log:

    ----------------------------------START OF LOG------------------------------
    POST /HealthVault/Redirect.aspx?target=SelectedRecordChanged&actionqs=abcd HTTP/1.1
    Accept-Language: en-us
    Content-Type: application/x-www-form-urlencoded
    ...
    ...
    ...
    Content-Length: 8
    Connection: Keep-Alive
    Pragma: no-cache

    wctoken=
    --------------------------END OF LOG------------------------------------------

    Shouldn't APPAUTH return a non-empty wctoken if the user also authenticated to HV during the journey?

    I understand that I can use AUTH instead of APPAUTH (and it returns wctoken correctly).  But doing so I have trouble authorizing additional records for a user as a separate user journey.   I can provide additional details if required.


    Raj


    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, March 11, 2009 8:26 AM

Answers

  • Hi Raj,

    I apologize for not seeing your reply sooner - I'll follow up with you on the new thread you created.

    -Matt W.
    Wednesday, March 18, 2009 7:18 PM

All replies

  • Hi Raj,

    I'm not sure why we aren't returning a wctoken in this case.  I'll look into it.

    In the meantime, you can still use the AUTH target, and have it always prompt the user for authorization.

    In the targetqs, add the parameter "forceappauth=true".

    When this parameter is used, after the user authenticates, they will always land on the select record page where they can authorize or add a new record.  This is a new parameter we've added.  It should be in the SDK documentation already, but I just noticed we still need to update MSDN.

    -Matt W.
    Thursday, March 12, 2009 5:48 PM
  • As far as I can tell, it used to work - I wonder if the behaviour changed after the recent platform update.

    I also tried using the forceappauth query variable - but it didn't work, at least the one time I tried. It redirected me back right after authentication.  I will give it a try again.

    Thanks for your time

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Thursday, March 12, 2009 6:07 PM
  • After asking around a bit, there are some conditions where the APPAUTH target will not return a wctoken.  The APPAUTH target is not currently intended to be used as a way of obtaining one.  The AUTH target is the supported method of doing so.  The reason you'll sometimes see it returned in APPAUTH is more of a "side-effect" of how APPAUTH is used when servicing the AUTH target.  So, to make a long story short, you should not rely on the APPAUTH target to obtain a wctoken.

    If I understand your scenario correctly, the forceappauth parameter should help you out - let me know if you're still having trouble with it.

    -Matt W.
    • Proposed as answer by Matt_Wagner Thursday, March 12, 2009 7:22 PM
    Thursday, March 12, 2009 7:20 PM
  • Matt,


    The forceappauth parameter does NOT seem to do it.  Still get back wctoken as empty.

    The behaviour I see is.

    a.   A user visits the site. 
    b.  Redirected to HV using forceappauth set to True
    c.  Enters his user name and password and authenticates against live.com
    d.  Redirected further to select a record
    e.  User selects a new record to authorize this time
    f.   Redirected back to our application with action SelectedRecordChanged.  But wctoken is empty.

    I am attaching the original redirect to HV and the final redirect back from HV below. These correspond to steps b and f above.


    Thanks!

    Raj




    Original Redirect to HV

    GET /redirect.aspx?target=AUTH&targetqs=appid%3dc300b2fe-04f8-45bb-9d58-d84f56d17ba2%26forceappauth%3dTrue%26actionqs%3d3b622ed3-85d8-4de6-93cc-d48344bde94b%26redirect%3dhttp%253a%252f%252fwww.mysite.com%252fHealthVault%252fRedirect.aspx%26trm%3dpost&trm=post HTTP/1.1
    .....
    Cookie: hv=lastcredtype=Live ID
    Pragma: no-cache
    Host: account.healthvault-ppe.com



    Redirect back from HV

    POST /HealthVault/Redirect.aspx?target=SelectedRecordChanged&actionqs=3b622ed3-85d8-4de6-93cc-d48344bde94b HTTP/1.1
    .......
    Content-Type: application/x-www-form-urlencoded
    Host: www.mysite.com
    Content-Length: 8
    Connection: Keep-Alive
    Pragma: no-cache

    wctoken=


    ====================

    Finally, I am using the following code to redirect:

                StringBuilder sb = new StringBuilder(128);
                sb.Append("appid=");
                sb.Append(WebApplicationConfiguration.AppId.ToString());
                sb.Append("&forceappauth=");
                sb.Append("True");
                sb.Append("&actionqs=");
                sb.Append(System.Web.HttpUtility.UrlEncode(<someguid>));

                Microsoft.Health.Web.WebApplicationUtilities.RedirectToShellUrl(
                    System.Web.HttpContext.Current,
                    "AUTH",
                    sb.ToString());










     
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Monday, March 16, 2009 11:11 AM
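
The two captures in the post above, decoded, as an added example that is not part of the original thread or of the HealthVault SDK. It shows that targetqs is a query string nested inside the outer one (so the redirect URL is encoded twice) and that a callback body of `wctoken=` (Content-Length: 8) must be handled as "no token". The function names and status strings are hypothetical, and comparing the returned actionqs with the value sent is an assumption based on the capture showing it round-trip unchanged.

```python
from urllib.parse import parse_qs, urlsplit

# Request targets copied from the two captures in the post above.
OUTBOUND = (
    "/redirect.aspx?target=AUTH&targetqs=appid%3dc300b2fe-04f8-45bb-9d58-d84f56d17ba2"
    "%26forceappauth%3dTrue%26actionqs%3d3b622ed3-85d8-4de6-93cc-d48344bde94b"
    "%26redirect%3dhttp%253a%252f%252fwww.mysite.com%252fHealthVault%252fRedirect.aspx"
    "%26trm%3dpost&trm=post"
)
CALLBACK = ("/HealthVault/Redirect.aspx?target=SelectedRecordChanged"
            "&actionqs=3b622ed3-85d8-4de6-93cc-d48344bde94b")
CALLBACK_BODY = "wctoken="  # 8 bytes: the key with an empty value


def decode_shell_redirect(request_target):
    """Return (target, inner parameters) of a redirect to the Shell.

    targetqs is itself a URL-encoded query string, so it is parsed twice.
    """
    outer = parse_qs(urlsplit(request_target).query)
    inner = parse_qs(outer["targetqs"][0], keep_blank_values=True)
    return outer["target"][0], {key: values[0] for key, values in inner.items()}


def check_callback(request_target, body, expected_actionqs):
    """Classify the POST back from the Shell (hypothetical status strings)."""
    query = parse_qs(urlsplit(request_target).query)
    # keep_blank_values=True keeps "wctoken=" visible as an empty string.
    form = parse_qs(body, keep_blank_values=True)
    if query.get("actionqs", [""])[0] != expected_actionqs:
        return "actionqs_mismatch"  # not the journey this application started
    if not form.get("wctoken", [""])[0]:
        return "no_token"           # never treat this as an authenticated user
    return "token_present"


if __name__ == "__main__":
    target, inner = decode_shell_redirect(OUTBOUND)
    print(target, inner)
    print(check_callback(CALLBACK, CALLBACK_BODY, inner["actionqs"]))
```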
  • Wednesday, March 18, 2009 8:19 PM