Removing authorization for an application

  • Question

  • Hi

    We have an offline web application that caches the person id and record id(s) when the
    user first uses our application. They are redirected to the HealthVault site and if all goes
    well, they are redirected back to our site where we grab the credentials and store them.
    From that point on we can log the user into HealthVault without requiring them to visit
    the LiveID login page. This works great.

    However, we also want the user to be able to "disconnect" from HealthVault via our application.
    When the user disconnects, we clear the cached HealthVault person and record information.
    The problem is that if the user tries to reconnect, once they supply their Live ID information,
    the authorization page is skipped since the user has already granted access to the application.
    Therefore the user cannot select any new records that they may now have access to since
    the first time they were connected.

    What we would also like to do is to provide a way to programmatically remove the application's
    access to the record(s) the user had originally granted. What is the recommended way to do this?
    Should we be calling RedirectToShellUrl, perhaps with the APPAUTH parameter? If so, what other
    URL parameters should I pass to the method?

    Thanks,
    Mark

    Monday, March 24, 2008 5:50 PM

Answers

  • Mark,

    Sorry for the slow response - I had to do some research on our side.

    We currently don't provide any way of de-authorizing an application. To do so would require a different redirect target.

    Dealing with multiple records can be a bit complicated. Have you looked at how the Health and Fitness sample application does it?

    Wednesday, March 26, 2008 4:36 PM

  • Hi Eric,

    Now it's my turn to apologize for the slow response.

    Since there is no programmatic way to de-authorize an application, we'll have to take another approach to making
    it easier to add authorization to additional records. I looked at Health and Fitness, but right now I cannot get it to
    work correctly if I try to add another authorized record. I am taken to the authorization screen where I select the
    new record, but then I get a Page not found error when it tries to transfer back to the sample application. Do you
    see this behavior also?

    Here is a utility method I am using now that seems to be working for me. I would appreciate any suggestions for improvement as I am not sure this is the "official" way to make this happen.

        // Needs System.Text (StringBuilder), System.Web (HttpContext, HttpUtility)
        // and the HealthVault SDK's WebApplicationConfiguration class.
        public static void RedirectToHVAppAuth()
        {
            // Redirect to the page that will take us to HealthVault logon
            StringBuilder sb = new StringBuilder();
            StringBuilder targetqs = new StringBuilder();

            sb.Append(WebApplicationConfiguration.ShellRedirectorUrl);
            sb.Append("APPAUTH");
            sb.Append("&targetqs=?");

            // build targetqs param
            targetqs.Append("appid=");
            targetqs.Append(WebApplicationConfiguration.AppId.ToString());
            targetqs.Append("&ismra=True");

            // add redirect param - needed for HV development environment
            string root = HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Host +
                HttpContext.Current.Request.ApplicationPath;
            targetqs.Append("&redirect=").Append(root).Append("/").Append(WebApplicationConfiguration.ActionUrlRedirectOverride);

            // append encoded targetqs value
            sb.Append(HttpUtility.UrlEncode(targetqs.ToString()));

            System.Diagnostics.Debug.WriteLine("Redirect URL: " + sb.ToString());
            HttpContext.Current.Response.Redirect(sb.ToString());
        }

    Thanks,
    Mark

    Friday, April 11, 2008 4:14 PM
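
An added example, not part of the thread or of the HealthVault SDK: the same APPAUTH URL built with the return address taken from configuration and checked against a host allowlist, instead of being assembled from the Host of the incoming request, and with each targetqs value encoded on its own before targetqs is encoded as a whole. The class name, the parameters and all sample values are assumptions, and it assumes the shell parses the decoded targetqs as an ordinary query string.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility (System.Web.dll on .NET Framework)

public static class AppAuthUrlExample
{
    // Builds the APPAUTH redirect URL. Every input is passed in, so nothing is
    // read from the current request. All argument values are assumptions.
    public static string Build(string shellRedirectorUrl, Guid appId,
                               Uri configuredReturnUrl, ICollection<string> allowedHosts)
    {
        // The return address comes from configuration and must be absolute,
        // http(s), and on a host the application expects to be served from.
        if (!configuredReturnUrl.IsAbsoluteUri ||
            (configuredReturnUrl.Scheme != Uri.UriSchemeHttp &&
             configuredReturnUrl.Scheme != Uri.UriSchemeHttps) ||
            !allowedHosts.Contains(configuredReturnUrl.Host))
        {
            throw new ArgumentException("Return URL is not on the allowlist.");
        }

        // Encode each value on its own so '&', '=' or '#' inside the return URL
        // cannot add or truncate parameters in targetqs.
        string targetqs = "?appid=" + HttpUtility.UrlEncode(appId.ToString())
                        + "&ismra=True"
                        + "&redirect=" + HttpUtility.UrlEncode(configuredReturnUrl.AbsoluteUri);

        // Then encode targetqs as a whole, since it is itself one parameter value.
        return shellRedirectorUrl + "APPAUTH&targetqs=" + HttpUtility.UrlEncode(targetqs);
    }

    public static void Main()
    {
        // Constructed sample values, not real HealthVault endpoints or IDs.
        var hosts = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "app.example.test" };
        string url = Build("https://shell.example.test/redirect.aspx?target=",
                           new Guid("00000000-0000-0000-0000-000000000001"),
                           new Uri("https://app.example.test/Redirect.aspx?a=1&b=2"),
                           hosts);
        Console.WriteLine(url);
    }
}
```

The sample return URL deliberately carries its own `a=1&b=2` query so the effect of the inner encoding is visible in the printed URL.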
