Issues with OAuth in Weebly Apps

All Weebly apps whose successful operation depends upon Weebly REST API access require site owner authorization adhering to the OAuth2 specification. This rule applies to every Weebly App type.

It is not uncommon for developers (even very experienced developers) to encounter OAuth issues in their apps.

Debugging can be quite frustrating, so let's remove that frustration by sharing our experiences and lessons learned and get each other back to writing code!

FAQs

What does OAuth2 do?

I highly recommend you read these two articles: Weebly App Authorization and Install Flow, and Quora - How does OAuth2 Work?. Once you have read these, if you still have questions or are confused, please let us know where you are confused so we can help.

What is the difference between "Authentication" and "Authorization"?

The best answer I have found for this question is quoted below from StackOverflow:

Authentication is the process of ascertaining that somebody really is who he claims to be.

Authorization refers to rules that determine who is allowed to do what. E.g. Adam may be authorized to create and delete databases, while Usama is only authorised to read.

Troubleshooting OAuth issues within your Weebly App?

  1. Are you using one of the Weebly Client Libraries available on GitHub?
  2. Do all of your URLs in your manifest use "https" scheme instead of "http"?
  3. Do your servers have valid SSL/TLSv1.2 encryption support? Have you used "openssl s_client" to try and connect from outside your network to be certain?
  4. Does the 'callback_url' you provided in your manifest.json file actually handle the request properly? Correct HTTP verb? Correct path? Have you tested it?
  5. Did you decode and verify the hash properly?
  6. Are you using the correct Weebly Account? This seems like an obvious one, but so many people overlook this.
  7. Did you set the "oauth_final_destination" property and value in your manifest.json file?
  8. Are you properly using your App Secret to decode the HMAC hash?
  9. Do the API Keys you are using match the application you're working with currently? (this one gets a lot of developers)
  10. Are you properly redirecting back to Weebly using the "callback_url" you decoded in the hash earlier?
  11. Did you provide all expected parameters while exchanging your authorization_code for the access_token?
  12. Did you COMPLETE the connection after receiving the `access_token` by redirecting one last time to the supplied `callback_url`? If you do not, your app will remain in a disconnected state and your token will be invalid.
  13. Did Weebly accept the final stage of the process and redirect you to the value you set in manifest.json for the `oauth_final_destination` property?
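
The mechanical parts of the checklist above (items 2, 5, 7 and 8) can be scripted. This is an added example, not code from Weebly or its client libraries: the request parameter names, the signed-message format and the use of HMAC-SHA256 are assumptions to confirm against the Weebly documentation, and the sample manifest is constructed.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Assumptions (not from the page): the request carries user_id, timestamp,
# site_id and hmac parameters, and hmac is hex HMAC-SHA256 over the first
# three joined as a query string. Confirm the format in Weebly's documentation.
SIGNED_FIELDS = ("user_id", "timestamp", "site_id")

# Constructed sample manifest with two deliberate mistakes.
SAMPLE_MANIFEST = {
    "callback_url": "http://app.example.com/oauth/start",
    "example_nested": {"url": "https://app.example.com/settings"},  # hypothetical key
}


def http_urls(node, path="manifest"):
    """Yield the path of every string value that uses the http scheme."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from http_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from http_urls(value, f"{path}[{index}]")
    elif isinstance(node, str) and urlparse(node).scheme == "http":
        yield path


def check_manifest(manifest):
    """Items 2 and 7, plus that callback_url is declared (empty list = pass)."""
    required = ("callback_url", "oauth_final_destination")
    problems = [f"{key} is not set" for key in required if not manifest.get(key)]
    return problems + [f"{path} uses http, not https" for path in http_urls(manifest)]


def verify_request_hmac(params, app_secret):
    """Items 5 and 8: recompute the HMAC with the App Secret and compare."""
    if any(not isinstance(params.get(k), str) for k in (*SIGNED_FIELDS, "hmac")):
        return False  # a missing parameter is a failed verification
    message = "&".join(f"{k}={params[k]}" for k in SIGNED_FIELDS)
    expected = hmac.new(app_secret.encode(), message.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), params["hmac"].lower().encode())


if __name__ == "__main__":
    for problem in check_manifest(SAMPLE_MANIFEST):
        print(problem)
```

Only act on `callback_url` from a request after `verify_request_hmac` returns True; a failed check on a request that looks legitimate usually points to item 9, an App Secret that belongs to a different app.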

OAuth is not working, help?!

Please go through the list of questions above, then re-read the Weebly App Authorization and Install Flow documentation and verify that your code follows it precisely. If you would like more personalized attention, please create a Developer Support case by sending an email to dev-support@weebly.com.

How can I resolve this error message: {{INSERT_ERROR_MESSAGE}}?

If you need help resolving a specific error message you are receiving, please create a Developer Support Case by sending an email to dev-support@weebly.com. Make sure to provide us with as much relevant data as possible.

Why is my token not working, I've already authorized the app?

Please read this documentation explaining reasons why an app can become `disconnected`.

What resources can simplify implementing OAuth while developing your Weebly Apps?

It is highly recommended that developers use one of the Weebly Client Libraries available on GitHub. These developer resources can prevent a lot of easily overlooked errors. All our SDKs are open source and we love contributions, oh...and it is much, much easier to support issues with the SDK than with your custom code. LOL!

I read that the guy who wrote the OAuth2 Specification abandoned his work stating it is fundamentally flawed and insecure. If that is true, why is Weebly using it?

As crazy as it sounds...yes, Eran Hammer was one of the original authors of the OAuth2 Specification, and here is what he had to say.
