Https://api.lockitron.com/oauth/authorize redirect not working on mobile


#1

In the past in my Pebble and iOS apps when I made a GET request to https://api.lockitron.com/oauth/authorize for an authorization code (passing all the necessary parameters) it would:

  1. load https://api.lockitron.com/?login=true
  2. Display what looked like https://api.lockitron.com (non-mobile version)
  3. Then quickly redirect them to what looked like https://m.lockitron.com/account/login for them to login
  4. Finally, after the user authenticated and clicked “Authorize” it would redirect them back to the redirect url

Ever since the release of API v2 my apps on the mobile device (iOS atleast) get stuck on step 2. From there the user has to click on “Back to Lockitron.com”, then “Menu”, then “Login” and after logging in they are are redirected to the redirect url without being prompted to “Authorize” or “Revoke”. This is confusing for users and leads them to think that my apps are broken and require extra unclear steps to authenticate.

I can PM you my full OAuth authorization code request with all the parameters. If you paste it in to the web browser on your computer or mobile device to see what I mean.

Or you can download Pebblock and open the configuration page. You’ll see where it gets stuck.
https://apps.getpebble.com/applications/53a9a197990481964a000245


#2

@Hanlon thanks, taking a look into this now. Likely cropped up when we started rooting to the v2 API rather than v1 (the OAuth layer should be agnostic to both).

Update: @Hanlon, can you give this a try now? This seems to be working on desktop, haven’t tested on mobile.


#3

@cameron It appears to be working now on mobile. Thanks for the quick response!