Non-HTTP[S] OAuth redirection for Nest API

I am trying to develop a native OS X app that uses the Nest API. Unfortunately their client registration only allows "https://" URIs for the redirect URL. Since there is no server in this (other than the Nest server), I need to redirect to my application. For this I need to be able to redirect to an arbitrary URI.

I tried to send this feedback to Nest directly, but they don't seem to have support or error messages.

Am I missing some other authentication approach for this type of use? This is a similar issue for iOS.

Thanks!

+3




1 answer


Nest can only guarantee in the normal browser world that HTTPS is secure. Yes, there are other application protocols that are secure, but no standards are defined. This way the returned URIs are limited to HTTPS and HTTP://localhost (assuming someone has control over your machine, they can intercept HTTPS calls too).

Mac OS and iOS have a relatively simple workaround for this, as shown in the Nest iOS NestDK sample. The key parts are:



  • On line 30 of the constants .m file, you will see that a RedirectURL is defined (when you run this sample code, you may want to change this to your preferred URL, most likely one that your company already controls, for further security).

  • And on line 126 of NestWebViewAuthController.m, the app checks if the WebView is trying to load our bogus redirect URI. If so, it captures the parameters and tries to get a token that can be used with the Nest API.

+4
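
The redirect check described in the answer above, as an added example that is not part of the original post or the NestDK sample: a Foundation-only function that a web view's navigation callback could call to decide whether a load is the registered redirect URL. The redirect URL, the sample URLs and the state value are constructed, and the `code` and `state` parameter names are assumed from standard OAuth 2.0.

```objective-c
#import <Foundation/Foundation.h>

// Assumed value for illustration: use the redirect URL registered for the
// client, and a fresh random state for every authorization request.
static NSString *const kRedirectURL = @"https://auth.example.com/nest/callback";

// Returns the authorization code if `url` is the registered redirect URL and
// carries the expected state; returns nil for every other navigation.
static NSString *AuthorizationCodeFromRedirect(NSURL *url, NSString *expectedState) {
    if (url == nil) return nil;
    NSURLComponents *got = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:NO];
    NSURLComponents *want = [NSURLComponents componentsWithString:kRedirectURL];
    if (got == nil || want == nil) return nil;

    // Compare scheme, host, port and path component by component. A string
    // prefix match would also accept a lookalike host that starts the same way.
    BOOL sameOrigin = got.scheme && got.host &&
        [got.scheme caseInsensitiveCompare:want.scheme] == NSOrderedSame &&
        [got.host caseInsensitiveCompare:want.host] == NSOrderedSame &&
        (got.port == want.port || [got.port isEqual:want.port]);
    if (!sameOrigin || ![got.path isEqualToString:want.path]) return nil;

    // Pull out the two parameters the token exchange depends on.
    NSString *code = nil, *state = nil;
    for (NSURLQueryItem *item in got.queryItems) {
        if ([item.name isEqualToString:@"code"]) code = item.value;
        if ([item.name isEqualToString:@"state"]) state = item.value;
    }
    // A callback whose state differs from the one we sent is not ours.
    if (expectedState.length == 0 || ![state isEqualToString:expectedState]) return nil;
    return code.length > 0 ? code : nil;
}

int main(void) {
    @autoreleasepool {
        NSString *state = @"constructed-state-123";
        // Constructed sample navigations: valid callback, lookalike host, wrong state.
        NSArray<NSString *> *samples = @[
            @"https://auth.example.com/nest/callback?code=ABC123&state=constructed-state-123",
            @"https://auth.example.com.attacker.test/nest/callback?code=ABC123&state=constructed-state-123",
            @"https://auth.example.com/nest/callback?code=ABC123&state=other",
        ];
        for (NSString *s in samples) {
            NSString *code = AuthorizationCodeFromRedirect([NSURL URLWithString:s], state);
            NSLog(@"%@ -> %@", s, code ?: @"(ignored)");
        }
    }
    return 0;
}
```

When the function returns a code, the navigation callback cancels the load and passes the code to the token request; any other URL is left to load normally.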

