How do I use the OAuth2 library?
LiveCode 9 includes a new OAuth2 library for presenting an authorization dialog to your users allowing them to give your application access to their data on a third party web service. There are many services that implement OAuth2 authorization and each will have their own developer portal for setting up an application that can connect to them. In this lesson we will use the Dropbox api to show info about the current Dropbox account from LiveCode.
Creating a `showAccountInfo` command
Create a new stack and edit its script or edit the script of an existing stack. We will change the values of the kClientID and kClientSecret constants when we have created the Dropbox App.
constant kAuthURL = "https://www.dropbox.com/oauth2/authorize"
constant kTokenURL = "https://api.dropboxapi.com/oauth2/token"
constant kClientID = "xxxxxxxxx"
constant kClientSecret = "xxxxxxxxx"
constant kScopes = ""
constant kPort = "54303"
command showAccountInfo
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
if the result is not empty then
answer error "Not authorized!"
else
local tAuth
put it into tAuth
set the httpHeaders to "Content-type: application/json; charset=UTF-8" & \
return & "Authorization: Bearer " & tAuth["access_token"]
local tPost, tUrl
put "{" & quote & "account_id" & quote & ":" && quote & tAuth["account_id"] & quote & "}" \
into tPost
put "https://api.dropboxapi.com/2/users/get_account" into tUrl
post tPost to url tUrl
local tAccount
put jsonToArray(it) into tAccount
local tList
repeat for each line tLine in the keys of tAccount
put tLine && ":" && tAccount[tLine] & return after tList
end repeat
delete last char of tList
answer tList
end if
end showAccountInfo
Creating a Dropbox App
In your browser go to https://www.dropbox.com and sign into your account Then browse to Dropbox' App Console and click the `Create App` button.

Enter a name for your Dropbox app, fill in the details and then click `Create App`

In the next page, in the Settings tab, you can see the app's client ID and client secret which we will need later in the lesson.
Scroll down in the Settings tab, and write down the value of the "App Key" field. This is the client ID.
Click "Show" in the value of the "App Secret" field. This is the client secret

Notice in the image above the App Key (i.e. the client secret) is blurred. This value should not be made public. For LiveCode apps the safest way to include the value in a standalone application is in a password protected stack script.
The OAuth2 library presents an authorization dialog and accepts connections on the loopback address 127.0.0.1 so that it can handle redirects in the OAuth2 flow. In the "Redirect URIs" field add a redirect url of http://127.0.0.1:54303/
Make sure you do not omit the trailing slash!
Then press the Add button:

Next step is to set the required permissions. Go to the Permissions tab.
For our use case (i.e. getting info about the Dropbox account), we need the following permissions:
- account_info.read
- sharing.read


Testing the script
We will use a button that will call the showAccountInfo
command:
on mouseUp
showAccountInfo
end mouseUp
In the stack script, replace the values of kClientID and kClientSecret:
constant kClientID = "xxxxxxxxx"
constant kClientSecret = "xxxxxxxxx"
with the values of your own client ID (i.e. your App Key) and client secret (i.e. your App Secret)

Press the button. You should see an OAuth2 dialog asking you to login to Dropbox. Enter your Dropbox credentials and press Sign in:

In the next window, press Continue:

In the next window, you should see the required permissions for your app. These are the ones you had checked previously when creating the app. Click Allow:

Now, the api is getting info about your account, and it returns it to the LC app, which displays it using an answer dialog:

Standalone inclusions
Add the OAuth2 library to a standalone by checking `OAuth2` on the `Inclusions` pane of the `Standalone Application Settings` dialog. This will include the OAuth2 library and it's dependency mergJSON.

Note: In this example, we used OAuth2 and the Dropbox API to get back some info about the account. You can use the Dropbox API for fetching other information as well. In this case, you 'll need a different endpoint, i.e. a URL other than "https://api.dropboxapi.com/2/users/get_account"
You'll also need different permissions, and possibly slightly different syntax for the post
command. For more details, you can have a look at the Dropbox API documentation here:
https://www.dropbox.com/developers/documentation/http/documentation
Worked for me, but requires getting used a bit to Slack.com, studying it and being able to watch ones own postings in Slack subitted from this LiveCode stack.