How do I use the OAuth2 library?

LiveCode 9 includes a new OAuth2 library for presenting an authorization dialog to your users allowing them to give your application access to their data on a third party web service. There are many services that implement OAuth2 authorization and each will have their own developer portal for setting up an application that can connect to them. In this lesson we will use the slack api to post notifications from LiveCode to slack.

Creating a `PostToSlack` command

Create a new stack and edit its script or edit the script of an existing stack. We will change the values of the kClientID and kClientSecret constants when we have created the Slack App. Here we are using Slack's incoming webhook api.

constant kAuthURL = ""
constant kTokenURL = ""
constant kClientID = "XXXXXXXXX.XXXXXXXX"
constant kClientSecret = "XXXXXXXXXXXXXXXXXXXXX"
constant kScopes = "incoming-webhook"
constant kPort = 54303

local sAuth

command PostToSlack pMessage
   if sAuth["access_token"] is empty then
      OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
      if the result is not empty then
         return "Not authorized!" for error
         put it into sAuth
      end if
   end if
   local tMessage
   put pMessage into tMessage["text"]
   put ArrayToJSON(tMessage) into tMessage
   set the httpHeaders to "Content-type: application/json" & \
         return & "Authorization:" && sAuth["token_type"] && sAuth["access_token"]
   post tMessage to url sAuth["incoming_webhook"]["url"]
   return empty for error
end PostToSlack

Creating a Slack App

In your browser go to and sign into the team that should manage the slack app. Then browse to Slack's App management site and click the `Create an App` button.

Enter a name for your slack app and then click `Create App`

The App detail page will allow you to edit the name, description and icon of the app. It is also where you can see the app's client ID and client secret which we will need later in the lesson. Click the `Show` button next to the client secret and copy both the client ID and client secret to be the value of the kClientID and kClientSecret constants in the script. Next click on the `OAuth & Permissions` button to go to that page.

Notice In the following image the client secret is blurred. This value should not be made public. For LiveCode apps the safest way to include the value in a standalone application is in a password protected stack script.

The OAuth2 library presents an authorization dialog and accepts connections on the loopback address so that it can handle redirects in the OAuth2 flow. On the OAuth & Permissions page add a redirect url of ``.

Testing the script

Drag out a field from the `Tools` palette

Resize the field to fit a message of a few lines then open the inspector by double-clicking it and name the field to "message".

Drag out a button from the `Tools` palette

Open the object inspector by double-clicking the button and rename it.

Select the button and choose `Object > Object Script` from the LiveCode menubar to edit the script of the button and set it to the following script.

on mouseUp
   PostToSlack field "message"
end mouseUp

Click on the button and the OAuth2 library will present the authorization dialog.

Choose the channel, user or group chat to post messages to and click Authorize

Open the chosen channel in slack and you should now have a message from the app.

Standalone inclusions

Add the OAuth2 library to a standalone by checking `OAuth2` on the `Inclusions` pane of the `Standalone Application Settings` dialog. This will include the OAuth2 library and it's dependency mergJSON.


Add your comment

E-Mail me when someone replies to this comment