Remote login questions | Anthony Corbett | 2014-11-26 11:03 |
Status: Closed | ||
Adam, Thanks for the reply. You are correct, passing a valid set of credentials via basic auth does return the redirect. I must have been using the wrong credentials (local instance vs test environment), my bad. This also works with any custom URI scheme, so it looks like this can be used to send the user to a native application by registering a custom URI scheme. Here is the working toy example: curl -silent -I -k --user user:pass https://domain/labkey/login/createToken.view?returnUrl=myapp://authenticate output: HTTP/1.1 302 Found Date: Wed, 26 Nov 2014 18:23:51 GMT Server: Labkey/14.30 Set-Cookie: X-LABKEY-CSRF=6d9eefe186b198c5ef1cc3fff7450ec5; Path=/labkey Set-Cookie: JSESSIONID=FB952D2070B757F744C3C18FD4C77F8A; Path=/labkey/; Secure; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-MiniProfiler-Ids: [710] Pragma: no-cache Cache-Control: no-cache Cache-Control: no-store Location: myapp://authenticate/?labkeyToken=76a848ae158323b3b4d35e4a451b8a7a&labkeyEmail=anthonycor%40gmail.com Content-Type: text/html;charset=UTF-8 As you can see the Location header contains the expected query parameters and custom URI scheme. The parameters can be parsed and used by the client that is not a web application per se! :) Also, the session cookie is also there so if the client can handle storing cookie information it can be used for API calls. Thanks for the help! - Anthony |
||