来自桌面应用程序的 OAuth2 身份验证代码

Question

I'm having some trouble with my desktop app and connecting to the Blizzard API. For OAuth2, I know I need to redirect the user to a website where they provide authorization for the application to access data on their behalf. From there, there's a redirect URL that contains the authorization code that must be exchanged for an access token.

My app is for desktop, so I'm unsure of how to obtain the authorization code from that redirect URL. Here's some of my code that I'm using for testing:

if self._check_connection():
        self.client_id = os.getenv("BLIZZ_CLIENT_ID")
        self.client_secret = os.getenv("BLIZZ_CLIENT_SECRET")
        self.region = "us"
        state = "abcd1234"

        re = requests.get(f"{BLIZZ_AUTH_URL}?client_id={self.client_id}&response_type=code&redirect_uri={REPO_URL}&locale={self.region}&scope={SC2_SCOPE}&state={state}")

        re_url = re.url
        print(re_url)

The fuller product would use webbrowser to get the user to authorize my app, but then I need to get that code that will be in the redirect URL after clicking "Allow". So I'm trying to get the URL at that last bit there, but when I print it to the console to check it, it doesn't contain the authorization code. However, if I click it, it opens the correct page in the browser, which contains the auth code.

Thank you for taking the time to read, I've looked at all sorts of posts on the internet but most of them are about web apps or they say something vague like "get the authorization code and exchange it" without elaborating on how that actually works.

Is there any clean way to do this that doesn't require the user to basically copy the code from the address bar and paste it into my app? Ideally, I'd like to just grab it programmatically and continue from there.

Answer 1

Since you are asking the user to authorize your application via an OAuth2 provider, you need to pass a proper redirect uri to the OAuth2 server.

Usually it is a valid domain pointing to a web server that will handle the request. For a desktop application (or mobile for that matter) you won't have a web server, so you need a custom protocol to handle that response and redirect it to your application.

For instance when you click an email address hyperlink mailto:email@server.com the protocol mailto: tells the browser to redirect the call to the host OS and open up the default mail application. The same works for most apps that interact with a browser like Skype, Discord, Twitch, etc

For windows apps you can read this topic for guidance: How do I register a custom URL protocol in Windows?

The idea is to open up the browser with the battle.net login, but the redirect url will point to your custom protocol, that way your application will receive a message containing the full URL including the authorization_code you need.

Note that by doing that the OS will launch a new instance of your app, you'll have to use some sort of messaging system/pipes/sockets to redirect data from the new instance to the currently running one. To detect a previously running app you can simply use a mutex.