question

joncloverdev avatar image
joncloverdev asked joncloverdev commented

On First time install of Web App, can the "Open App" button use the redirect_uri passed in from the oauth/authorize call

Hi,

I am following these steps https://docs.clover.com/build/oauth-2-0/#1merch_a... and I have got the flow to work. On the first time call to the oauth/authorize url the Clover user will be asked to login, choose their merchant if needs be and then install the app via the App Marketplace. This works and I understand it.

However I am having an issue identifying which merchant ID is associated with our users. We have multiple users on our site and each will have to install the app, and have a unique merchant ID. I need to store the merchant ID as associated with a user, but I cannot see how to get the OAuth flow to pass back some custom data for me, ie our user ID or some other identifier.

In the settings of the Web App the site url is set as http://localhost:53755/clover (for the sandbox version)

When I call the oauth/authorize url 
https://sandbox.dev.clover.com/oauth/authorize?cli...
I make the redirect_uri = http://localhost:53755/clover/OAuth/[UserId], so that I can know which user on my side is trying to install the app.

This works if the user has already installed the app, the call to the oauth/authorize will then use the custom redirect_uri with the [UserID] value.

However, on first install of the app, I don't see a way for the "Open App" button to use the already specified redirect_uri that is present in the URL.

Any assistance would be appreciated on how I can get the flow to return some custom data that I pass on the initial call to oauth/authorize, and that will be used by the "Open App" button on the App Marketplace webpage. I want to avoid the user having to install the app first, and then come back to my side and re-trigger the OAuth process.

Thanks



REST APIOAuth
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

joncloverdev avatar image
joncloverdev answered joncloverdev commented
Thanks for your answer, but I'm not exactly sure how that helps me?

My issue is that the url for "{your_url} " is static and set as part of the Web App settings, or you can set a custom one for the https://sandbox.dev.clover.com/oauth/authorize call using the redirect_uri parameter.

However this redirect_uri parameter is only used on the oauth/authorize call, not on the "Open App" button when the application is installed. The "Open App" button basically navigates to your site and it does not contain any information about which user from my site is trying to open the app. It will contain the merchant ID which is great, but I will be unable to link that merchant ID to a user in my site.

This image shows the chrome dev tools on clicking the "Open App" button, notice there is no redirect_uri being called, even though it is present in the URL of the main window that led the user there...


Hence I have changed my process to first ask the users to install the app via the Clover App Market, and then come back to my site to initiate the oauth authorize call, and as such I am able to create a custom redirect_uri that contains the user identifier I require.

chromesnip.png (20.0 KiB)
2 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

chanel avatar image chanel commented ·

What you have described is the correct flow. When a merchant starts on the App Market page, Clover will always direct the merchant to the static URL that you've provided (regardless of the parameters of the URL that sent them to that page). Your custom parameters are only considered when the merchant starts from {your_site} *and* are already authorized with your app. (I would be happy to go into a detailed explaination, if need be.)

My suggestion is to link Clover's merchant_id to Your Site's user_id within your system. Then it'll be a simple matter of doing a lookup on your end.

0 Likes 0 ·
joncloverdev avatar image joncloverdev chanel commented ·

Thanks yes I am linking the user_id to the merchant_ID already and storing that in my site.

Your point "Your custom parameters are only considered when the merchant starts from {your_site} *and* are already authorized with your app" is what I needed confirmation on, thanks. That more clearly explains the process, perhaps updating the documentation on the redirect_uri parameter will help future developers? Just a suggestion.

As for your detailed explanation, I would love to hear it, if only for interest's sake and to learn something new :)

Thanks

0 Likes 0 ·
chanel avatar image
chanel Deactivated answered
When a merchant is directed to your URL, Clover includes this information in the redirect URL in the following form: . 

{your_url}/oauth_callback?merchant_id={MERCHANT_ID}&client_id={APP_ID}&code={AUTHORIZATION_CODE}

You can ensure that you get this information by using the following code (written in Ruby): 

code = request.GET['code']  
if not code
  redirect_to("#{ENVIRONMENT}/oauth/authorize?client_id=#{CLIENT_ID}")  
else
  set_merchant(request.GET['merchant_id'])
  redirect_to("/oauth_callback?code=#{code}")
end
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community