search

apigee / apigee-devportal-kickstart-drupal

A fast demo and starting point for Apigee Developer Portals for Drupal
https://www.drupal.org/project/apigee_devportal_kickstart
GNU General Public License v2.0
26 stars 34 forks source link

Callback URL forces http/https #447

Closed sejonssonjer closed 3 years ago

sejonssonjer commented 3 years ago

Description

When editing app, it enforces callback url to begin with http or https, if trying to change the regexp pattern to allow .* for example it still forces http/https. Basically a native client will have its own reserved URL scheme and would require to register "myapp://" as their callback.

In addition, if you configure and app in Apigee edge with custom url scheme callback then the module crashes for the user who owns that app once visiting their list of apps in the portal

"Callback URL External site to which an app consumer is redirected to log in when using three-legged OAuth. Valid values must be prefixed with one of the following protocols: http:// or https://"

Steps to Reproduce

Steps to reproduce the behavior:

  1. Apps> App > Edit > Set callback to myapp:// > Save (does not work) or
  2. Go to Apigee Edge, create an app with callback url myapp://
  3. Go to Developer portal > Apps > Crash happens

Actual Behavior

Crash/Bug see above

Expected Behavior

Apigee Edge module should provide reasonable defaults, I have no issue with that... however we should be able to configure it the way we want without having to go and customize the actual module form.

Screenshots

If applicable, add screenshots to help explain your problem. image

Notes

Add any other context about the problem here.

Version Info

This can be the version you can see on admin/modules in Drupal or the output of this command: composer show. Add Drupal core and other version information if needed. Version: 8.x-1.17

yenoomluap commented 3 years ago

@divya-intelli We are also having issue with this. It seems a conflict with drupal core functionality -- drupal core only allows http and https as accepted protocols for routing (/var/www/html/web/core/lib/Drupal/Core/Utility/UnroutedUrlAssembler.php)? The ability to onboard native apps using a custom url is an important feature to our customers and is a component of three-legged OAuth with PKCE flow. Is there a work around for this while we wait for possible solution? InvalidArgumentException: The URI 'sap.nag://mynativeapp' is invalid. You must use a valid URI scheme. Use base: for a path, e.g., to a Drupal file that needs the base path. Do not use this for internal paths controlled by Drupal. in Drupal\Core\Utility\UnroutedUrlAssembler->assemble() (line 65 of /var/www/html/web/core/lib/Drupal/Core/Utility/UnroutedUrlAssembler.php).

yenoomluap commented 3 years ago

We might have found a temporary workaround.

First step: add the protocol (ex. sap) to the protocol_filter list at web/sites/default/services.yml

filter_protocols:
  - http
  - https
  - ftp  
  - news  
  - nntp  
  - tel  
  - telnet  
  - mailto  
  - irc  
  - ssh  
  - sftp  
  - webcal  
  - rtsp  
  - sap

second step: rebuild the drupal cache (drush cr)

third step: manually add the redirect uri to the app in edge ui add the redirect uri in edge

fourth step: view app in developer portal, app should show updated redirect uri updated redirect in portal

divya-intelli commented 3 years ago

Closing since it a duplicate of https://github.com/apigee/apigee-edge-drupal/issues/576 .