
Alfred Workflow and OAuth



In order to build workflows that use third-party APIs, we sometimes need to authenticate the users.

At the moment, we can ask the user for their credentials and store them in the workflow settings. That is not cool.

Furthermore, some API services are now OAuth-only and won't let developers log users in using their private credentials.

My request is to give workflow developers a way to handle OAuth, especially the token response.

The easiest way I see to implement that would be to extend the Alfred URI scheme to workflows.

For instance, I have a workflow with the following bundle id: "com.foobar.bundle", with a single "foobar.php" PHP file inside the workflow folder. I could give the third-party API the following URI as the OAuth return URL: alfred://com.foobar.bundle/foobar.php

The foobar.php script would then be able to get the token parameters and finalize the authentication.


I've brought this up to Andrew in the past for working on things like my AlfredTweet workflow/extension. Twitter for example, I just redirected the user to a page I controlled that started the OAuth flow, allowed them to authenticate to Twitter, and then either returned the oob pin code, or just returned the tokens directly and asked the user to paste them back in.

Obviously, you don't want to store username and password and such in plaintext in settings or something, but what about using the security command to save them in the keychain? It can be done very easily. Reading from the keychain is easy as well. If the user knows to only click the "Allow" button and not "Always Allow" then it would always prompt the user before it accessed the keychain.

I know this isn't the best flow for the end user, but it works.

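The keychain approach suggested in the post above, as an added example that is not part of the original thread: a small shell helper around the macOS `security` command that stores, reads and deletes a workflow's OAuth token and migrates one out of a plaintext file. The service name reuses the thread's example bundle id; the function names and item label are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): OAuth token storage for an Alfred
# workflow via the macOS `security` CLI. Function names are assumptions.
KC_SERVICE="com.foobar.bundle"   # bundle id from the thread's example

# Store the token, replacing any existing item (-U).
# Caveat: -w passes the secret on argv, briefly visible to local `ps`.
token_store() {   # $1 = account, $2 = token
    [ -n "$1" ] && [ -n "$2" ] || return 2
    security add-generic-password -U -s "$KC_SERVICE" -a "$1" \
        -l "Alfred workflow OAuth token" -w "$2" >/dev/null 2>&1
}

# Print the token; fails if the item is missing or the user clicks "Deny".
token_load() {    # $1 = account
    kc_tok=$(security find-generic-password -s "$KC_SERVICE" -a "$1" -w 2>/dev/null) || return 1
    [ -n "$kc_tok" ] || return 1
    printf '%s' "$kc_tok"
}

token_delete() {  # $1 = account; use on logout or token revocation
    security delete-generic-password -s "$KC_SERVICE" -a "$1" >/dev/null 2>&1
}

# Move a token left in a plaintext settings file into the keychain,
# removing the file only after the keychain write succeeded.
token_migrate_file() {   # $1 = account, $2 = path to plaintext token file
    [ -r "$2" ] || return 1
    IFS= read -r kc_plain < "$2" || [ -n "$kc_plain" ] || return 1
    token_store "$1" "$kc_plain" || return 1
    rm -f "$2"
}
```

A workflow script would call `token_load` first and start the OAuth flow again only when it returns non-zero.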

Yeah, I know about keychain and the oob pin code concerning Twitter. I know this is not perfect for the user but it works!

What I am more concerned about is the growing number of APIs (Facebook, Google, Pocket to name just a few) that just won't let you use authentication with PIN code or classic login/password.

  • 2 months later...

I have done a Pocket OAuth flow without asking the user for his credentials.

The way I do it is a bit complicated but it works, and is transparent to the user.

The workflow post is here: http://www.alfredforum.com/topic/1618-pocket-workflow-with-oauth-login/

Edited by altryne