OAuth Callback procedure for mobile devices
I am designing a Netflix Application for BlackBerry mobile devices. I am currently working on the OAuth. I am at the point where I can generate a Netflix login page in an embedded browser field in my application.
After the user signs in, Netflix will send the user from the login page to a specified callback url. The callback url will also contain an authorized token, which is then needed to send back to Netflix.
My question is: How am I supposed to do this on a mobile device? Is there a procedure set in place? I am unsure how I can extract the authorized token from the callback URL and send it back to my application. From my research, it does not appear that Netflix will provide a PIN/verifier for the user to then type into the application...
Does anyone have any ideas?
Thanks...
Answer
There are two ways to deal with callbacks on mobile devices. The first is to set the value of oauth_callback to 'oob'. This is done if your device is unable to receive callbacks. See the OAuth spec, section 2.1:
Using 'oob' should cause the server (Netflix) to display a verification code that the user then types into your application to authorize the request token.
The second way, if your device supports it, is to use a custom URI scheme. I know that on iPhones, you can register a callback with a custom scheme that is assigned to your application. Is there a way to do this on a BlackBerry? If so, I'd use this approach as it's a much better user experience.