stackoom
  简体   繁体   中英

How does “If This Then That” implement access to third party user accounts (so called “Channels”)?

 原文  2014-11-11 12:58:17       android/ ios/ account/ if-this-then-that

Question

In the widely known If This Then That app (IFTTT) you can create workflows such as:

If I get an email with an attachment, add that attachment to Evernote.

For this to work you can authorize so called " channels " such as Gmail and Evernote. In practice this means that you need to enter your username and password for for example Gmail, after which the IFTTT app can freely scan the incoming email within.

I now wonder how this system works? Is there a specific API within iOS/Android to allow such interaction between apps with specific triggers upon receiving email, or does IFTTT store the usernames and passwords in cleartext and regularly poll the email boxes (which I cannot imagine)?

Could anybody shed some more light on the inner workings of this process? Any information or tips would be welcome (a description, names of API-endpoints, code examples, FLOSS alternatives that implement this, anything else)..?

1 answers

solution1
 1 ACCPTED  2014-11-12 10:35:09

It'll vary per provider, but many of them, including the Gmail flow, use OAuth for the authentication part. After authentication, they'll use whatever APIs are provided by each individual service.

The clue with Gmail is the way you're redirected to Google themselves for authentication, and the URL has "OAuth" in it. When I just tried it, the authentication URL was:

https://accounts.google.com/o/oauth1/auth?oauth_callback=http%3A%2F%2Fifttt.com%2Fchannels%2Fgoogle_callback&oauth_token=[REDACTED]&btmpl=mobile

What'll happen is that Google will authenticate your credentials, so they're never given to a third party like IFTTT. Instead, on successful authentication, Google will "call back" ifttt on the "oath_callback" URL provided, and effectively give them a token that will allow access. At any point, you can go and revoke that token (somewhere in Gmail's preferences) to prevent IFTTT accessing your account, so control of your account is always in your and Google's hands, and IFTTT only get the access they're granted as long as the token lasts. (Here are Gmail's auth scopes ). Your username and password are only ever authenticated with Google's servers, and never stored by the third party.

As with authentication, how IFTTT monitor and respond to events once that authentication has taken place is up to the specific service's API. In some cases they'll poll, where possible they'll probably register for event callbacks. According to this Quora answer from Linden Tibbets, one of IFTTT's creators , for Gmail they use OAuth for obtaining an IMAP login, then use that for polling.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to access the email accounts in third party application in android? how to reuse a third-party libXXX.so in JNI of Android How to use linkedin mobile sdk to implement third party login? How to implement third party GCM - CCS XMPP server using openfire? Sessions for php and third party access How to get access to third party sdk's activity names how to access the third party browser control like chrome in android? C2DM - Device and third party server email accounts query How to add multiple google accounts to an android app so that user can switch between accounts How to make password reset link feature limited only to non-third party auth service provider created accounts
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM