
Nokia-Withings Oauth2 Get Authentification Code

I am struggling to get the Nokia-Withings OAuth2 flow working with a Flask app running on localhost. I have made sure that in /etc/hosts I have a redirect from the callback URL (nokia.velometria.com) to 127.0.0.1, so that all callback requests go back to the app.

What is happening is that the original GET request to the Nokia authorize2 endpoint is automatically redirected to account_login and never returns a request with a code to the specified callback URL (nokia.velometria.com/code).

Here is the Flask code I use:

from flask import Flask, request
import requests
import os

app = Flask(__name__)

@app.route("/code", methods=["GET"])
def nokia_code():
    """I expect the url with a code to be sent here"""

    return request.get_data()


@app.route("/", methods=["GET", "POST"])
def nokia_callback():
    """OAuth 2.0 - Get your authentication code"""

    if request.method == "POST": # just for debugging

        app.logger.info("POST request data: {}".format(request.get_data()))
        app.logger.info("POST request path: {}".format(request.path))
        return "post"

    else: # the actual GET request

        url = "https://account.health.nokia.com/oauth2_user/authorize2"

        client_id = os.getenv("NOKIA_CLIENT_ID", None)

        params = {
            "response_type": "code",
            "client_id": client_id,
            "state": "/",
            "scope": "user.info",
            "redirect_url": "http://nokia.velometria.com/code"
        }

        r = requests.get(url, params=params)

        app.logger.info("url: {}".format(r.url))
        app.logger.info("headers: {}".format(r.headers))
        app.logger.info("history: {}".format(r.history))

        return r.text

if __name__ == "__main__":

    app.run(debug=True)

And here is the Flask log I got in return:

[2018-08-05 22:24:28,136] INFO in nokia_callback: url: https://account.health.nokia.com/oauth2_user/account_login?response_type=code&client_id= ***&state=%2F&scope=user.info&redirect_url=http%3A%2F%2Fnokia.velometria.com%2Fcode&b=authorize2

[2018-08-05 22:24:28,136] INFO in nokia_callback: headers: {'Date': 'Sun, 05 Aug 2018 20:24:25 GMT', 'Server': 'Apache', 'Content-Security-Policy': "frame-ancestors 'self' https://dashboard.health.nokia.com/ ", 'Strict-Transport-Security': 'max-age=2592000', 'X-XSS-Protection': '1', 'X-Content-Type-Options': 'nosniff', 'Referrer-Policy': 'strict-origin-when-cross-origin', 'Vary': 'Accept-Encoding', 'Content-Encoding': 'gzip', 'X-Frame-Options': 'ALLOW-FROM https://dashboard.health.nokia.com/ ', 'Content-Length': '2373', 'Content-Type': 'text/html;charset=UTF-8'}

[2018-08-05 22:24:28,136] INFO in nokia_callback: history: []
127.0.0.1 - - [05/Aug/2018 22:24:28] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [05/Aug/2018 22:24:28] "GET /min/g=baseCSS,blockv4CSS&2ef1f384 HTTP/1.1" 404 -
127.0.0.1 - - [05/Aug/2018 22:24:28] "GET /min/g=basev4JS&2ef1f384 HTTP/1.1" 404 -
127.0.0.1 - - [05/Aug/2018 22:24:28] "GET /min/g=basev4JS&2ef1f384 HTTP/1.1" 404 -

[2018-08-05 22:24:33,318] INFO in nokia_callback: POST request data: b'email= &password= &is_admin=f&csrf_token=***'

[2018-08-05 22:24:33,318] INFO in nokia_callback: POST request path: /
127.0.0.1 - - [05/Aug/2018 22:24:33] "POST / HTTP/1.1" 200 -

Note that the requests URL is automatically redirected to account_login from authorize2 and then calls a POST at the Flask server with account credentials - definitely not the behaviour I was expecting.

Any thoughts on how to get it working?

I had a similar issue. Basically the https://account.withings.com/oauth2_user/authorize2 URL should be opened in the browser window by the user. (So you could open it maybe in another popup window or iframe.) The site will ask for application permissions and ask the user to log in if needed.

After the user has clicked that your application has permission to use his data, the site will redirect to your uri callback with parameters.

So your http://nokia.velometria.com/ should be listening for request parameters given by the API.
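
The flow the answer describes, as an added example that is not part of the original post or the provider's documentation: the app only builds the authorize URL and redirects the user's browser to it, then validates the `state` and extracts the `code` when the browser comes back to the callback. The function names, the client id and the callback sample are constructed, and `redirect_uri` is the RFC 6749 parameter name, assumed here to be what the provider expects.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint quoted in the answer above; the user's browser must visit it, not the server.
AUTHORIZE_URL = "https://account.withings.com/oauth2_user/authorize2"


def build_authorize_url(client_id, redirect_uri, scope="user.info"):
    """Return (url, state). Redirect the browser to url; keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "response_type": "code",
        "client_id": client_id,
        "state": state,
        "scope": scope,
        "redirect_uri": redirect_uri,  # RFC 6749 name (assumption for this provider)
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def code_from_callback(callback_url, expected_state):
    """Validate the redirect back to the app and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means this response does not belong
    # to a login that this session started (CSRF against the callback).
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated code")
    return codes[0]


if __name__ == "__main__":
    url, state = build_authorize_url("constructed-client-id", "http://nokia.velometria.com/code")
    print("send the browser to:", url)
    # Constructed callback, shaped like the redirect the browser follows after consent.
    callback = "http://nokia.velometria.com/code?" + urlencode({"code": "constructed-code", "state": state})
    print("code:", code_from_callback(callback, state))
```

In a Flask app, the `/` route would return `redirect(url)` after storing `state` in the session, and the `/code` route would pass `request.url` and the stored state to `code_from_callback`.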
