Nest API的非HTTP [S] OAuth重定向 [英] Non-HTTP[S] OAuth redirect for Nest API

问题描述

我正在尝试开发使用Nest API的本机OS X应用程序.不幸的是，他们的客户注册仅接受重定向URL的"https://" URI.由于不涉及任何服务器(除Nest的服务器外)，因此我需要重定向到我的应用.为此，我需要能够重定向到任意URI.

I'm trying to develop a native OS X app that uses the Nest API. Unfortunately, their client registration only accepts "https://" URIs for the redirect-URL. Since there's no server involved in this (other than Nest's server), I need to redirect to my app. To do that, I need to be able to redirect to an arbitrary URI.

我试图直接将此反馈发送给Nest，但他们似乎没有可用的支持联系人或错误报告.

I tried to send this feedback to Nest directly, but they don't seem to have a support contact or bug reporting available.

我是否缺少针对这种使用的其他身份验证方法?这是iOS上的类似问题.

Am I missing some other authentication approach for this type of use? It's a similar problem on iOS.

谢谢！

推荐答案

嵌套只能在正常的浏览器环境中确保HTTPS是安全的.是的，还有其他一些安全的应用协议，但是标准定义不明确.因此，返回URI仅限于HTTPS和HTTP://localhost(假定有人控制了您的计算机，它们也可以拦截HTTPS调用)

Nest can only assure in the normal browser world that HTTPS is secure. Yes, there are other application protocols that are secure, but the standards are not well defined. As such the return URIs are limited to HTTPS and HTTP://localhost (It is assumed that is someone has control of your machine, they can also intercept HTTPS calls)

Mac OS和iOS为此提供了一个相对简单的解决方法，Nest的 iOS NestDK 示例代码.关键部分是:

Mac OS and iOS have a relatively simple workaround for this that is demonstrated in Nest's iOS NestDK sample code. The key parts are:

• 在第30行常量中.m ，您将看到定义了RedirectURL(在运行此示例代码时，您可能希望将其更改为您的首选URL，这可能是公司已控制的进一步安全性)

• In line 30 of constants.m you will see that RedirectURL is defined (when running this sample code, you might want to change this to your preferred URL, likely something your company already controls for further security)

并在第126行中NestWebViewAuthController.m ，其中应用程序正在检查WebView是否正在尝试加载我们的虚拟重定向URI.如果是这样，它将捕获参数并尝试获取可与 Nest API一起使用的令牌.

And in line 126 of NestWebViewAuthController.m where the app is checking if the WebView is trying to load our dummy redirect URI. If so, it captures the parameters and tries to get a token that can be used with the Nest API.

这篇关于Nest API的非HTTP [S] OAuth重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！