|the version of the OAuth API that the service supports. Possible values are 1 or 2. Some services support both, in which case use Version 2.
|This is something that identifies your application to the service. It's typically a string of random characters. It is also sometimes called the App Key, the Application ID, the Consumer Key or something like that.
|This is a "password" that belongs to your application. It is typically a string of random characters. It's also sometimes called App Secret, Consumer Secret, Password and so on.
|This is the URL the service will redirect the browser to on a
successful login. The window in your application will intercept
this URL. Sometimes this URL is not set by you, but is set (to http://localhost) by the service
as a default value.
For Desktop - if given the option you can enter anything you like, but the simplest, and most compatible option seems to be http://localhost or just localhost. (Some services want the HTTP part, others explicitly don't want it.)
For Web - you will enter the complete URL for your oAuthLoginWeb form (https://yourdomain/oAuthLoginWeb) here. Note that you will also need to register this URL with the service as an allowed Redirect URL for your service.
|This item is optional, and depends on the service. Usually used by services that offer different levels of API, or different API's. If it's not immediately obvious then you can set it to a blank string in the program.
|Request Token URL
|Only required by services that use OAuth version 1. This URL is usually listed in the Service Documentation for that service.
|A URL the program will use to request a token from the service. This URL is usually listed in the Service Documentation for that service.
|Access Token URL
|A second URL used by the service during the OAuth login process. This may also be called the Exchange URL. This URL is usually listed in the Service Documentation for that service.
If any of the above conditions are not acceptable to your program, then it is easy for you to override the location, and form, of the save. You could save the INI file in a different location, or save the settings in a database table, or whatever you prefer.
There are two methods provided, one called Load, the other called Save. You can add your own code to these methods in the OAuthLogin procedure, BEFORE the parent call. If you do a RETURN statement before the parent call then the parent call is suppressed (and so the default INI code will not run.)
For details on the fields that need saving and loading see netOauth.Clw, in the Load and Save methods.
|The (human readable) name of the service you are connecting to. This will be displayed to the user, and can be used when storing the returned values.
|The OAuth version that the service you are connecting to supports. Possible values are 1 or 2. If the service supports both then set this to 2.
|The Client Secret as provided to you when you registered your app on the service. The exact terminology used varies from service to service, but usually includes the term Client ID or App ID.
|The Client Secret as provided to you when you registered your app on the service. The exact terminology used varies from service to service, but usually includes the word Secret or Password. Some examples of this terminology are App Secret, Consumer Secret, Client Secret or Password.
|The Redirect URL as provided by you to the service when you registered your app on the service.
For Desktop: In almost all cases you want to keep this simple and set it to http://localhost. If this is not permitted by the service then any legal url, starting with HTTPS will do. For example https://www.somewhere.com - you do not need to actually do anything at that URL, the app never goes there.
For Web: You will enter the complete URL for your oAuthLoginWeb form (https://yourdomain/oAuthLoginWeb) here. Note that you will also need to register this URL with the service as an allowed Redirect URL for your service.
Tip: some services (like Facebook) add a trailing / to the URL you enter. If they do, then it's important to include this in this string, or the login will likely fail.
|Usually when requesting a Refresh token a redirect_uri parameter is passed to the service. In some cases this is not allowed by the service, and it has to be suppressed. Set this property to true if this affects your service.
|Required by some services, not required by others. Typically identifies the specific API's that your app will use when connecting to the service. The user will be asked to grant your app permission to these API's when they log in. Services that have a very limited API set typically do not need this to be set.
|A unique (random) value which helps to ensure that a user, not a malicious script, is making the Redirect call. If you leave this blank a random value will be inserted for you.
|Set to either Net:WebPOSTAuthentication (the default value) or Net:WebBasicAuthentication. This determines the authorization method when doing a token request.
|A resource parameter required by some services.
|Usually set to false. Set this to true if the service requires that the call to the RequestToken be a POST instead of the usual GET.
|This is only required by services that log in using OAuth 1a. This URL is specific to the service and is usually provided by the service on either their OAuth documentation page, or with your application details when you registered your app on the service.
|This URL is specific to the service and is usually provided by the service on either their OAuth documentation page, or with your application details when you registered your app on the service.
|This URL is specific to the service and is usually provided by the service on either their OAuth documentation page, or with your application details when you registered your app on the service. This is sometimes referred to as the ExchangeURL by some services.
|Set this to true to make the Access Token URL to a GET request instead of a POST request. Currently OAuth 2 only.
|If the service uses a different URL for refresh tokens, then enter the value here. If nothing is set here then the pAccessTokenURL is used.
|Set this to true to make the Refresh Token URL to a GET request instead of a POST request. Currently OAuth 2 only.
|When making a TLS connection the HostName part of the URL you are connecting to is supposed to match the certificate on that site. For some services the name does not match, but it is a known alternate name. For example when connecting to Flickr.com the certificate is for yahoo.com. Turning off the name check completely can lead to a possible man-in-the-middle attack. To avoid this, this property allows you to set the expected name. The connection will always test the correct name first, so if the site does change to a correct certificate this setting will do no harm.
|Some services do not use a correct certificate, in that the common name for the certificate, and the URL for the API do not match. If this is the case then set this field to true.
|Some services do not use a correct certificate, in that the certificate they are using is not in the normal chain of trust. This can be fixed by either adding their root certificate to the caroot.pem file, or by setting this option to true.
|If this is true then a new token will be fetched, even if the current token is still valid.
|If this is set to netOAuth:OnScreenHTML
(the default) then the login will take place via an HTML control
on the login window.
If this is set to netOAuth:UseLocalBrowser then the HTML control on the screen will be ignored, and the login will take place in a browser window external to the program. The program will open this browser window when necessary. The user will login, and control will be returned to the program. This should be used when the service does not support the HTML control being used on the window.
If this is set to netOAuth:UseRemoteBrowser then the OpenRemoteBrowser method will be called, and a message displayed to the user. By default this method copies the URL to the clipboard, and asks the user to paste it into their local browser.
|Some services use different code-challenge methods as part of the PKCE flow. Set to one of 'plain' or 's256' if using PKCE flow.
|Some services need an access_type parameter when getting the Authorization code. Set the value here, usually to 'offline' if the server uses it.
|Some services use a parameter called prompt when getting the Authorization code. some possible values include 'none', 'consent' and 'select_account'.
|Some services use a login_hint parameter when getting the Authorization code.
|Some services use a domain_hint parameter when getting the Authorization code.
|Only used if pExternalBrowser is not set to netOAuth:OnScreenHTML. Set this to the listening port when an External browser is being used. this must match the port specified in the pRedirectURL (which must match the port registered with the service)
|Only used if pExternalBrowser is not set to netOAuth:OnScreenHTML. Set this to true if the listening connection needs to be secure. Typically only set if pExternalBrowser is set to netOAuth:UseRemoteBrowser or if the service requires that the callback URL be secure.
|Only needs to be used if pListenTLS is set to true. This sets the name (and path) for the certificate for this listening port. Two files will be loaded, the pListenDomain.CRT and the pListenDomain.KEY files. The domain must match the name set inside the certificate.
|Only used if pExternalBrowser is set to netOAuth:OnScreenHTML. Set this to localhost if the browser is local, or leave it blank, or tie it to a specific IP address of the machine the program is running on if the external browser is on a different machine..
|If left blank then this defaults to 'authorization_code', which is the most common grant type. Some services however only implement the 'client_credentials' grant type in which case this field should be set to that. A third type 'password' is also supported. See also Client Credentials and Password Grant Types
|Some services make use of an additional parameter (token_access_type) when requesting refresh tokens. For example DropBox uses token_access_type=offline to get long-lived refresh tokens. (so then this parameter would be set to offline.)
|Not used by the NetOAuth Class. Allows you to add extra data to the group if you wish (ie pass extra information into the OauthLogin procedure etc.) You need to NEW and DISPOSE this field before and after using it.
|Used only when the pGrantType is set to password.
|Used only when the pGrantType is set to password.
|A Clarion date when the rToken value will expire.
|A Clarion time when the rToken value will expire.
|Returned by some servers. You may need this when making API calls to the service.
|A refresh token from the server. This token can be used to (silently) get another token when the original token expires. This is done automatically for you.
|Also known as the Access Token, this is the most important result from the call to OAuthLogin. It is used by both OAuth1 and OAuth 2 API's.
|The Token Secret is only set when accessing an OAuth 1a service. It will be needed by the class when calling the CreateAuthorizationString1 method (which will need to be done before all calls to the WebService.)
|The Auth Verifier is only set when accessing an OAuth 1a service. It will be needed by the class when calling the CreateAuthorizationStringOauth1 method (which will need to be done before all calls to the WebService.)
|Only in OAuth2, but not used outside the NetOauth class. It is included here only for the sake of completeness.
|A pointer to the Parms group passed to the INIT method.
|Called when the login is being made via an external browser, and the external browser has completed the login. This is the HTML reply sent to the browser.
|Called when the login is complete.
|Called when an error occurs.
|Called when the File Explorer control is complete, and the service is calling the Redirect URL.
|Primes the object ready for the login.
|Calls the local, external browser, with the URL so the user can login.
|Copies the URL to the clipboard so it can be pasted in a remote browser
|Is called when incoming request to the OAuth server are completed. A single login typically spans multiple requests, and responses to the server.
|The reply received from the remote browser
|The page to send to the browser to answer the browser's redirect request.
|Starts the OAuth process.
|Transfers control back from the object to the calling procedure. Typically triggers the File Explorer control with the passed URL.
|A StringTheory object containing the HTTP header, and HTML content to send to the browser after the login process has been completed.
|A message generated in the code, depending on where this method is called from.
|A description of the error
|the name of the method where the error occured.
|The callback URL as set by the remote service.
|Contains all the properties necessary to call the service. For more information on the properties see the section OAuthParmetersGroup.
|The URL to call from the external browser to the OAuth Service to start the login.
|The URL to call from the external browser to the OAuth Service to start the login.
|The raw packet as received from the browser. This will include the HTTP headers, and any other data.
|The name of the NetSimple object which is listening for the browser redirect.
|A simple string to include in the HTML reply. This will be visible to the user.
|The URL that the File Explorer control should load.