I was looking for a programmatic way to get authorization
code to login with Amazon also called LWA. An authorization code is merely a first step in the
authorization code grant as documented here: https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html
However it seems the implementation for the OAuth is different from that for AWS or Alexa. When it is an OAuth for a device, the REST APIs are helpful to get a code and a token. The implementation here is geared towards loading the Login With Amazon SDK. There is no denying that OAuth requires a user interface to accept the credentials from the user.
http://httpunit.sourceforge.net/doc/api/com/meterware/httpunit/WebResponse.html
WebForm form = resp.getForms()[0];
WebResponse response = form.submit();
String atMainToken = response.getCookieValue("at-main");
at-main token is not the same as oa2.access_token but it helps especially if there is a utility for translation.
However, client interactions could also be tolerated in the absence of a user. While this may not be required from the RFC, it does provide a convenience. The client redirects the user to the authorization server with the following parameters response_type, client_id, redirect_uri, scope and state. When the authorization server is satisfied, the user is asked to login to the authorization server and approve the client, The user is then redirected to the redirect_uri along with code and state. This code can then be swapped for token by the client using the oauth endpoints.
The access token can be decoded and validated using the oauth endpoints. It can also be used to refresh the tokens. To get the access tokens, when we load the LWA SDK on a page, the page calling the SDK must be in the same domain as the redirect_uri specified. This would otherwise lead to cross domain origin and will not be allowed. Even if we set the Origin and Referer header fields with the help of an interceptor to overcome the CORS policy of the browser, the server may reject the request. Moreover, the page making the request with the Javascript SDK must be secured with https.
http://httpunit.sourceforge.net/doc/api/com/meterware/httpunit/WebResponse.html
WebForm form = resp.getForms()[0];
WebResponse response = form.submit();
String atMainToken = response.getCookieValue("at-main");
at-main token is not the same as oa2.access_token but it helps especially if there is a utility for translation.
However, client interactions could also be tolerated in the absence of a user. While this may not be required from the RFC, it does provide a convenience. The client redirects the user to the authorization server with the following parameters response_type, client_id, redirect_uri, scope and state. When the authorization server is satisfied, the user is asked to login to the authorization server and approve the client, The user is then redirected to the redirect_uri along with code and state. This code can then be swapped for token by the client using the oauth endpoints.
The access token can be decoded and validated using the oauth endpoints. It can also be used to refresh the tokens. To get the access tokens, when we load the LWA SDK on a page, the page calling the SDK must be in the same domain as the redirect_uri specified. This would otherwise lead to cross domain origin and will not be allowed. Even if we set the Origin and Referer header fields with the help of an interceptor to overcome the CORS policy of the browser, the server may reject the request. Moreover, the page making the request with the Javascript SDK must be secured with https.
#codingexercise
Yesterday we were given three sorted arrays and we wanted to find one element from each array such that they are closest to each other. One of the ways to do this was explained this way: We could also traverse all three arrays while keeping track of maximum and minimum difference encountered with the candidate set of three elements. We traverse by choosing one element at a time in any one array by incrementing the index of the array with the minimum value.
By advancing only the minimum element, we make sure the sweep is progressive and exhaustive.
We don't have to sweep for average because we could enumerate all the elements of the array to find the global average. then we can find the elements closest to it in the other two arrays.
List<int> GetAveragesFromThreeSortedArrays(List<int> A, List<int> B, List<int> C)
{
var combined = A.Union(B).Union(C).ToList();
int average = combined.Avg();
return GetClosestToGiven(A, B, C, average);
}
Yesterday we were given three sorted arrays and we wanted to find one element from each array such that they are closest to each other. One of the ways to do this was explained this way: We could also traverse all three arrays while keeping track of maximum and minimum difference encountered with the candidate set of three elements. We traverse by choosing one element at a time in any one array by incrementing the index of the array with the minimum value.
By advancing only the minimum element, we make sure the sweep is progressive and exhaustive.
We don't have to sweep for average because we could enumerate all the elements of the array to find the global average. then we can find the elements closest to it in the other two arrays.
List<int> GetAveragesFromThreeSortedArrays(List<int> A, List<int> B, List<int> C)
{
var combined = A.Union(B).Union(C).ToList();
int average = combined.Avg();
return GetClosestToGiven(A, B, C, average);
}
No comments:
Post a Comment