Bungie-net / api

Resources for the Bungie.net API

OAuth Login using Kotlin #1334

Closed rjkelleh closed 3 years ago

rjkelleh commented 3 years ago

I'm trying to create an Android app using Kotlin and I am having trouble with the initial login. I need to redirect the user to https://www.bungie.net/en/OAuth/Authorize for them to log in and retrieve the authentication token, but I'm having trouble getting it to work.

Currently when I run my code I get a response code of 200, which I assume is an error code but I'm not sure. When I look at the input stream, it looks to be the HTML for the webpage; it's just not redirecting for the user to log in. The specific URL I'm using for the connection is "https://www.bungie.net/en/OAuth/Authorize?client_id={client-id}&response_type=code"

I'm relatively new to http requests and the Bungie api so any help would be greatly appreciated. Thanks!

Tetron-bng commented 3 years ago

You are on the right track. In HTTP, 200 is a success code. Anything in the 200 to 299 range is success. And indeed you get an HTML page back, which should be displayed to the user in a web browser. Just to check it out, try it in Chrome and see what it looks like. Eventually that page will be redirected to the redirect URI you provided in the development portal on Bungie.net and with it a code you can use to get an access token.

rjkelleh commented 3 years ago

So in Kotlin, how should I go about displaying the page to the user? Do you think it would be better to start a new activity using the url or display based off of the html I receive from the stream? Also what should my redirect URI be? I'm just a little confused on how exactly that part works. Will the web page be automatically brought back to my app after logging in?

floatingatoll commented 3 years ago

In a typical OAuth scenario, you would send the user to view that URL in their web browser, they would complete the login flow across Bungie.net and Sony/Microsoft/Steam/Stadia, and at the conclusion of the process, the user's browser would be redirected to the callback URL you configured for your application (whether x-local-uri:oauth-complete or https://www.yourapp.com/oauth-complete).

So, and this is my generic-not-Kotlin understanding, when you run your code and you get an HTTP 200 OK result with HTML, that's where your code should have opened the web browser to that URL with ?state=whatever instead of fetching it yourself, and at the conclusion of the process, Bungie's website would redirect the browser to your configured app callback URI of com.yourapp.whatever://oauth-complete or whatever with (approximately) a ?token=xyz parameter or similar containing a JSON blob with the actual outcome you're looking for: the OAuth tokens.
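The browser hand-off and `state` check described in this comment, as an added example that is not part of the original thread and not Bungie's code. It assumes the standard OAuth 2.0 authorization-code redirect, which carries `code` and `state` query parameters; `REDIRECT_URI`, the function names and the placeholder values are hypothetical, and `java.util.Base64` needs Android API 26 or later.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.net.URLEncoder
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

const val AUTHORIZE_URL = "https://www.bungie.net/en/OAuth/Authorize"
// Hypothetical callback; it must match the redirect URI registered for the app.
const val REDIRECT_URI = "com.yourapp.whatever://oauth-complete"

// 32 random bytes, URL-safe; generate one per login attempt and keep it in the app.
fun newState(): String {
    val raw = ByteArray(32).also { SecureRandom().nextBytes(it) }
    return Base64.getUrlEncoder().withoutPadding().encodeToString(raw)
}

// URL to open in the user's browser, not to fetch with HttpURLConnection.
fun authorizeUrl(clientId: String, state: String): String =
    "$AUTHORIZE_URL?client_id=${URLEncoder.encode(clientId, "UTF-8")}" +
        "&response_type=code&state=${URLEncoder.encode(state, "UTF-8")}"

fun queryParams(uri: URI): Map<String, String> =
    (uri.rawQuery ?: "").split("&").filter { it.contains("=") }.associate {
        val (k, v) = it.split("=", limit = 2)
        URLDecoder.decode(k, "UTF-8") to URLDecoder.decode(v, "UTF-8")
    }

// Returns the authorization code only if the callback targets our redirect URI
// and echoes the state we generated; otherwise null.
fun codeFromCallback(callback: String, expectedState: String): String? {
    val uri = URI(callback)
    val expected = URI(REDIRECT_URI)
    if (uri.scheme != expected.scheme || uri.host != expected.host) return null
    val params = queryParams(uri)
    val state = params["state"] ?: return null
    // Constant-time comparison of the echoed state against the stored one.
    val same = MessageDigest.isEqual(state.toByteArray(), expectedState.toByteArray())
    return if (same) params["code"] else null
}

fun main() {
    val state = newState()
    println(authorizeUrl("CLIENT_ID_PLACEHOLDER", state))
    // Constructed callback URLs standing in for what the browser hands back.
    println(codeFromCallback("$REDIRECT_URI?code=SAMPLE_CODE&state=$state", state))
    println(codeFromCallback("$REDIRECT_URI?code=SAMPLE_CODE&state=mismatch", state))
}
```

On Android the callback string would come from the `Intent` data of the activity registered for the redirect scheme.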

rjkelleh commented 3 years ago

Thanks for all of your help so far. At this point I managed to redirect back to my app and got the authorization code. I'm having trouble though with the POST request to retrieve the access token. My current code looks like this:

    val url = "https://www.bungie.net/Platform/App/OAuth/Token/ HTTP/1.1"
    val obj = URL(url)
    val con = obj.openConnection() as HttpURLConnection
    con.setRequestMethod("POST")
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")
    con.setRequestProperty("client-id", {client-id})
    con.setRequestProperty("grant_type", "authorization_code")
    con.setRequestProperty("code", auth-code)

When I try to view the output stream an error is thrown and my app crashes. The same happens when trying to get a response code. From what I can tell, what I have above matches the documentation for the request so I'm not sure what I'm doing wrong. My best guess would be that the URL needs to contain the client id, grant type and code fields but it doesn't look like that works when I try ' "https://www.bungie.net/Platform/App/OAuth/Token/ HTTP/1.1?client-id={client-id}&grant_type=authorization_code&code=" + auth-code ' as the URL. I still just get an error thrown.

Any help would be greatly appreciated. Thanks!

floatingatoll commented 3 years ago

Trailing slashes aren't generally supported at bungie.net endpoints. Try Token instead of Token/?

floatingatoll commented 3 years ago

@jshaffstall-bng This OAuth thing comes up just often enough that you might consider adding an HTML comment to the 200 OK page at /OAuth/Authorize that says e.g. <!-- If you are developing a Bungie API application, this URL should be opened in a web browser for your app's user to interact with, and it will eventually lead to a redirect to your application's configured callback URL. -->

rjkelleh commented 3 years ago

@floatingatoll I just tried with Token instead of Token/ and it still just throws an error

floatingatoll commented 3 years ago

What is the HTTP 123 error code thrown, and what is the error string in the HTTP body?

rjkelleh commented 3 years ago

I got it to stop crashing by moving the POST into a separate class, and the HTTP error code is 404: Not Found

floatingatoll commented 3 years ago

https://www.bungie.net/Platform/App/OAuth/Token/

Are you trying the above POST destination URL, with no whitespace, parameters, ?a=b arguments, or any other accoutrement?

rjkelleh commented 3 years ago

Yes, the only things I have are the URL listed above, plus the setRequestProperty values for content-type, client-id, grant_type, and code. Also, now with just Token I get a 307 temporary redirect and with Token/ I get a 400 bad request. I think the 307 in this case is what I'm looking for, but I'm not sure.

floatingatoll commented 3 years ago

The 400 is a good sign, because "bad request" is noticeably better progress than "not found". For now avoid the 307, even if doing so requires a trailing slash (maybe my memory is inverted or maybe this endpoint is uniquely weird, I don't know).

You'll want to study the complete HTTP response — both the response headers and the response body — with the 400 Bad Request and see if you can work out what would make your request acceptable to the server.
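One way to send the token request and read the full error response, as an added example that is not part of the original thread and not Bungie's code. It assumes a public client (no client secret) and the standard OAuth 2.0 parameter names `client_id`, `grant_type` and `code`, sent as form fields in the request body rather than as headers; `TokenResult`, `formBody`, `exchangeCode` and the placeholder values are hypothetical.

```kotlin
import java.net.HttpURLConnection
import java.net.URL
import java.net.URLEncoder

// Endpoint as given in the thread: no " HTTP/1.1" suffix, no query string.
const val TOKEN_URL = "https://www.bungie.net/Platform/App/OAuth/Token/"

data class TokenResult(val status: Int, val body: String)

// Encode parameters as an application/x-www-form-urlencoded request body.
fun formBody(params: Map<String, String>): String =
    params.entries.joinToString("&") { (k, v) ->
        URLEncoder.encode(k, "UTF-8") + "=" + URLEncoder.encode(v, "UTF-8")
    }

// Call this off the main thread: Android throws NetworkOnMainThreadException
// for network I/O on the UI thread.
fun exchangeCode(clientId: String, authCode: String): TokenResult {
    val payload = formBody(mapOf(
        "grant_type" to "authorization_code",
        "code" to authCode,
        "client_id" to clientId
    )).toByteArray(Charsets.UTF_8)

    val con = URL(TOKEN_URL).openConnection() as HttpURLConnection
    try {
        con.requestMethod = "POST"
        con.doOutput = true                  // we are sending a body
        con.instanceFollowRedirects = false  // report a redirect instead of following it
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")
        con.setFixedLengthStreamingMode(payload.size)
        con.outputStream.use { it.write(payload) }

        val status = con.responseCode
        // On 4xx/5xx, inputStream throws; the server's explanation is on errorStream.
        val stream = if (status in 200..299) con.inputStream else con.errorStream
        val body = stream?.bufferedReader(Charsets.UTF_8)?.use { it.readText() } ?: ""
        return TokenResult(status, body)
    } finally {
        con.disconnect()
    }
}

fun main() {
    // Placeholder values; a real run needs the app's client id and a fresh code.
    val r = exchangeCode("CLIENT_ID_PLACEHOLDER", "AUTH_CODE_PLACEHOLDER")
    println("HTTP ${r.status}")
    // Print the body only on failure so a returned access token never reaches logs.
    if (r.status !in 200..299) println(r.body)
}
```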

jshaffstall-bng commented 3 years ago

For more information on OAuth 2.0 with Kotlin on Android, you can follow this guide - https://developer.android.com/training/id-auth/authenticate#kotlin

rjkelleh commented 3 years ago

I finally managed to get it working! Thank you everyone for the help. I really appreciate it

jshaffstall-bng commented 3 years ago

Good to hear, have fun!