Authentication

OAuth for desktop Applications (Automating OAuth)

OVERVIEW

 

OAuth is primarily developed for web based applications , however it has been used quite frequently for desktop and native applications like mobile applications. In order to get OAuth working for native applications some workarounds are required. These workarounds also provide guidelines for automating the OAuth process without human intervention. 
A guidance for native applications is listed here: 
Few workarounds are listed here 
and as an example you can see how google provides support for it at 
 
Please note that the desktop application will still need to display the authentication screen from Collaborate in a browser window. HighQ follows the same methodology in our HighQ Drive and HighQ Office Addon. 

Comments


6 Comments


David Searle We ended up doing something similar - grabbed the initial token by hand, put it into a database, and then have an automated job which uses the refresh token to get a new token every few hours...hopefully it won't ever expire this way, and we don't have to go through the manual steps again. But really it should not be necessary to have to do it. HighQ has dropped the ball on this one.

I ended up writing in a routine within our Intapp Integrate appliance to manage the HighQ tokens in a custom SQL table. You have to run the initial auth process to get the initial auth code and save that against the record, after that it runs automatically.

Sync Table:

OAuth for desktop Applications (Automating OAuth)

Routine:

OAuth for desktop Applications (Automating OAuth)

Doesn't matter if you don't have Intapp Integrate, think the basic principles can be followed with a bit of rework, even just using powershell and curl. Hope this helps someone.

Dave


This is pretty silly IMO. Google, Microsft et al don't require browser-based human interaction to generate tokens for a non-interactive applications (e.g. see https://developers.google.com/identity/protocols/oauth2/service-account). In fact every other API provider I've integrated things with for my company (and that's a lot of APIs!) provides some sort of mechanism to call the API without human intervention. So it's unclear why HighQ doesn't provide a similar flow. Having to manually generate and regenerate the tokens (even once annually), is not a slick experience and is unsuited to modern automation of applications. The guidance on this page appears to be focused on desktop / mobile applications which are still GUI-driven, there is no guidance at all for fully-automated clients, which is surely an obvious use case.


We actually managed to get around this kind of easy thanks to some norwegian guys pointing me in the right direction. It turns out that only the access code and refresh token needs to be generated by admin interaction using a browser. After this if the API is being quired at least once a month a new code is only needed once a year.


Matthew Klestrup yes the documentation is still valid. Our own HighQ drive and office plugin uses the same methodology to generate the OAuth code during an API token generation.


Is this information regarding developing non web based applications still correct? In our company we would like to syncronize data without user interaction.

Last Updated: Jun 09,2023