768x90 Getting Online Shouldn't be Tough- $7.49 .com Domains at Go Daddy

BBAuth, Y!Oauth with pinless authentication in Air

I developed Air application which requires yahoo profile data. I think the application is little bit extraordinary since it doesn't need webservice, because my client won't it. I found Yahoo SDK for AS3 to build simple Yahoo Social Applications. It is quite satisfied to introduce me how to use Browser-Based Authentication (BBAuth) or Yahoo! Oauth, but how to make it not to open external browser and automatically get access token without invoking webservice and get verification pin? I got inspiration from twitter pinless . Fortunately, it works, you can see my screencast below:



When you click "Login To Yahoo" button, the authorize() method is executed, below is the codes.

private function authorize():void{
        YSession = new YahooSession(StormModel.YCONSUMER_KEY, StormModel.YSECRET_KEY, StormModel.YAPPLICATION_ID);
        YSession.clearSession();
        YSession.auth.addEventListener(YahooResultEvent.GET_REQUEST_TOKEN_SUCCESS, handleRequestTokenSuccess);
        YSession.auth.addEventListener(YahooResultEvent.GET_ACCESS_TOKEN_SUCCESS, handleAccessTokenSuccess);
        YSession.auth.pinlessAuth = true;
        
        var rect:Rectangle = new Rectangle(50,50, 780, 500);
        var browser:CustomHtmlHost = new CustomHtmlHost;
        var newHTMLOptoions:HTMLWindowCreateOptions = new HTMLWindowCreateOptions;
        newHTMLOptoions.x = 50;
        newHTMLOptoions.y = 50;
        newHTMLOptoions.scrollBarsVisible = true;   
        htmlBox = browser.createWindow(newHTMLOptoions);
        YSession.auth.htmlLoader = htmlBox;
       YSession.auth.getRequestToken("http://www.google.com");
      }
      
      private function handleRequestTokenSuccess(event:YahooResultEvent):void{
       YSession.auth.sendToAuthorization(event.data as OAuthToken);
      }
      
      private function handleAccessTokenSuccess(event:YahooResultEvent):void{
        YSession.auth.token = event.data as OAuthToken;
        htmlBox.stage.nativeWindow.close();
        YSession.setAccessToken(event.data as OAuthToken);
        gridProviders.addItem({token: YSession.auth.token.key, secret: YSession.auth.token.secret});
      }

The screencast seems little fool, because i use callback to www.google.com, but you can use any redirect url, eg: to your webservice, your domain or yahoo.com. Aside issues, to make my pinless authentication work sexier, I should hacks some line codes in YahooSession.as and AuthorizationRequest.as . (You can copy paste from these links). After i get the accessToken and accessSecret, i store them in sharedObject, and then re-validate any time you want extend the expired token. So what is CustomHtmlHost? Adobe has changed the policy for HTML where HTMLLoader is no available if you create directly new HTMLLoader, it is little hack solution from me:

package com.yahooStorm.utilities
{
    import flash.display.NativeWindowInitOptions;
    import flash.events.Event;
    import flash.geom.Rectangle;
    import flash.html.*;

    public class CustomHtmlHost extends HTMLHost
    {
        import flash.html.*;
        
        public function CustomHtmlHost():void{}
        
        override public function 
            createWindow(windowCreateOptions:HTMLWindowCreateOptions):HTMLLoader
        {
            var initOptions:NativeWindowInitOptions = new NativeWindowInitOptions();
            var bounds:Rectangle = new Rectangle(windowCreateOptions.x,
                                                 windowCreateOptions.y, 
                                                 1000,
                                                 650);
            var htmlControl:HTMLLoader = HTMLLoader.createRootWindow(true, initOptions,
                                        windowCreateOptions.scrollBarsVisible,bounds);

            htmlControl.addEventListener(Event.COMPLETE, onCompleteWindowHandler); 
            return htmlControl;
        }
        
        public function makeWindow(options:HTMLWindowCreateOptions):HTMLLoader{
          return createWindow(options)
        }
        
        public function onCompleteWindowHandler(event:Event):void{
        }
        
        override public function windowClose():void
        {
            htmlLoader.stage.nativeWindow.close();
        }
        
        override public function updateTitle(title:String):void
        {
          htmlLoader.stage.nativeWindow.title = "Placepoint Browser: " + title;
        }
    }
}

I am very interested to make BBauth pinless version work too in Flex and Flash As3 and then build the package scripts to swc, but i still have no time to do that, ASAP i will post the swc and documentation here.

If there's any question or suggestion please post in the comment box. Thank you.

3 Response to "BBAuth, Y!Oauth with pinless authentication in Air"

Anonymous said...

nice post bang! I'll follow you, master.. :)

renzo.

Betris Maya said...

HOW I GET A LEGIT LOAN @ 2% INTEREST RATE
I am a mum of three little kids. When i could not face my Debt any more, my son was on hospital bed for surgery that involve huge money and i also needed some money to refinance and get a good home then i have to seeks for Assistance from friends and when there was no hope any more i decide to go online to seek a loan and i find MARIA HAUSTIN Loan company (mariahaustin@hotmail.com) with 2% interest Rate and applied immediately with my details as directed. Within seven Days of my application She wired my loan amount with No hidden charges and i could take care of my son medical bills, Renew my rent bill and pay off my debt. I will advice every loan seeker to contact MARIA HAUSTIN Company with mariahaustin@hotmail.com For easy and safe transaction.

*Full Name:_________

*Address:_________

*Tell:_________

*loan amount:_________

*Loan duration:_________

*Country:_________

*Purpose of loan:_________

*Monthly Income:__________

*Occupation__________

*Next of kins :_________

*Email :_________

Contact her company Via Email: mariahaustin@hotmail.com

Anonymous said...

My names are Jessica Switch from united states. Merry Christmas in advance friends, become rich today and take the risk of transforming your own life. Try and get a blank ATM card today from (MR TOM HOOPER) and be among the lucky ones who are benefiting from this cards. This PROGRAMMED blank ATM card is capable of hacking into any ATM machine, anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago.. It has really changed my life for good and now I can say I'm rich because am a living testimony. The least money I get in a day with this card is about $4,000. Every now and then I keeping pumping money into my account. Though is illegal, there is no risk of being caught, because it has been programmed in such a way that it is not traceable, it also has a technique that makes it impossible for the CCTV to detect you.. For details on how to get yours today, E-mail the hackers on ( Tomhooperhackersworld@yahoo.com ).

 
powered by Blogger