Getting OAuth2 Token in Desktop App vs. Web App

Question:

I have done some Dataflex development for the UK ‘Making Tax Digital’ functions that require oAuth2 authorisation. I’ve used your example code for the Windows work but I now need to get this working for a Dataflex Web based version. That communication part will all take place from the Web server. Any pointers on how to get oAuth to work through the Web Server using Dataflex?

Answer:

Chilkat’s OAuth2 class is only for desktop applications.  This is because you don’t really need it for web based apps (where code runs on the web server).  Doing OAuth2 with the typical Authorization Code Flow (see https://medium.com/@darutk/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85)  presents difficulty for desktop apps because a callback URL is part of the flow.  The resource owner must interactively authorize access through a web browser.  This results in a redirect response to the callback URL.  It means your app needs a way to receive that HTTP request.  Chilkat solves the problem by creating a background thread that waits for the callback (i.e. it behaves as a web server for that one request).

This problem no longer exists when your web-based application is running on a web server.  You don’t need Chilkat to get the OAuth2 token.  (You can use Chilkat in both web-based and desktop applications to make REST requests once have the OAuth2 token in hand.)   Implementing the OAuth2 Authorization Code Flow in a web-based app should be fairly easy and straightforward.  Nothing special is needed because OAuth2 requires no cryptographic computations on the client side (in this case, the “client side” is your code running on the web server).  It’s essentially just a matter of passing information back-and-forth.  Chilkat has some (hopefully working) examples online in ASP.NET and Classic ASP at http://tools.chilkat.io/oauth2.cshtml  and http://tools.chilkat.io/oauth2.asp   You can try them out and see the ASP.NET or Classic ASP source code that implements it.