How do I use the OAuth2 library?
LiveCode 9 includes a new OAuth2 library for presenting an authorization dialog to your users allowing them to give your application access to their data on a third party web service. There are many services that implement OAuth2 authorization and each will have their own developer portal for setting up an application that can connect to them. In this lesson we will use the slack api to post notifications from LiveCode to slack.
Creating a `PostToSlack` command
Create a new stack and edit its script or edit the script of an existing stack. We will change the values of the kClientID and kClientSecret constants when we have created the Slack App. Here we are using Slack's incoming webhook api.
constant kAuthURL = "https://slack.com/oauth/authorize" constant kTokenURL = "https://slack.com/api/oauth.access" constant kClientID = "XXXXXXXXX.XXXXXXXX" constant kClientSecret = "XXXXXXXXXXXXXXXXXXXXX" constant kScopes = "incoming-webhook" constant kPort = 54303 local sAuth command PostToSlack pMessage if sAuth["access_token"] is empty then OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort if the result is not empty then return "Not authorized!" for error else put it into sAuth end if end if local tMessage put pMessage into tMessage["text"] put ArrayToJSON(tMessage) into tMessage set the httpHeaders to "Content-type: application/json" & \ return & "Authorization:" && sAuth["token_type"] && sAuth["access_token"] post tMessage to url sAuth["incoming_webhook"]["url"] return empty for error end PostToSlack
Creating a Slack App
Enter a name for your slack app and then click `Create App`
The App detail page will allow you to edit the name, description and icon of the app. It is also where you can see the app's client ID and client secret which we will need later in the lesson. Click the `Show` button next to the client secret and copy both the client ID and client secret to be the value of the kClientID and kClientSecret constants in the script. Next click on the `OAuth & Permissions` button to go to that page.
Notice In the following image the client secret is blurred. This value should not be made public. For LiveCode apps the safest way to include the value in a standalone application is in a password protected stack script.
The OAuth2 library presents an authorization dialog and accepts connections on the loopback address 127.0.0.1 so that it can handle redirects in the OAuth2 flow. On the OAuth & Permissions page add a redirect url of `http://127.0.0.1:54303`.
Testing the script
Drag out a field from the `Tools` palette
Resize the field to fit a message of a few lines then open the inspector by double-clicking it and name the field to "message".
Drag out a button from the `Tools` palette
Open the object inspector by double-clicking the button and rename it.
Select the button and choose `Object > Object Script` from the LiveCode menubar to edit the script of the button and set it to the following script.
on mouseUp PostToSlack field "message" end mouseUp
Click on the button and the OAuth2 library will present the authorization dialog.
Choose the channel, user or group chat to post messages to and click Authorize
Open the chosen channel in slack and you should now have a message from the app.
Add the OAuth2 library to a standalone by checking `OAuth2` on the `Inclusions` pane of the `Standalone Application Settings` dialog. This will include the OAuth2 library and it's dependency mergJSON.