0

Any idea how I can test

I have a GWT app that retrieves data from the Asana API.

I've not been able to test locally since the Deprecation of OAuth 2.0 ‘http’ Redirects.

The Asana Docs (https://asana.com/developers/feed/oauth-http-redirect-deprecation) say I can use stunnel: "For non-production or personal use, you may wish to check out stunnel, which can act as a proxy to receive an encrypted connection, decrypt it, and forward it on to your application"

My stunnel config so far is:

[asana_test]
accept  = 9999
connect = 8888
cert = stunnel.pem

And my app is configured with:

"auth_uri":"https://app.asana.com/-/oauth_authorize",
"token_uri":"https://app.asana.com/-/oauth_token",
"redirect_uris":["https://127.0.0.1:9999/asanaoauth2callback"],
"javascript_origins":["http://127.0.0.1:8888"]

but with that I get a 500 error on the url https://127.0.0.1:9999/asanaoauth2callback?code=xxxx:

HTTP ERROR 500
Problem accessing /asanaoauth2callback. Reason:
Could not verify SSL certificate for URL: https://app.asana.com/-/oauth_token

1 Answer

0

I'm a Developer Advocate here at Asana. I can maybe tell you the answer to your question, but first, it's worth highlighting that there should be an easier way:

tl;dr: At one point, due to a proactive security fix, we became somewhat too restrictive with our redirect URI checking. We've since relaxed a bit for testing/development apps: if and only if your app's redirect url begins with "http://localhost", we should allow you to use that url without using https for the redirect.


Alternatively, the stunnel route is intended to provide a workaround for folks who choose to go that route. My suspicion is that the certificate that is being used by stunnel is self-signed, so when your app tries to redirect to that location, whatever is being redirected (probably a browser) doesn't like the certificate - it's the equivalent of the "This site is unsafe" big red lock thing that happens when you go to any website that has a certificate that didn't come from a Certificate Authority.

(what is slightly odd to me is that it seems to be saying that it couldn't verify the certificate for asana.com - which is indeed issued by a CA. That's a separate issue and harder to debug, because it should be absolutely fine to try to connect to asana.com with https)

Matt
  • Thanks Matt, seems I had 2 problems not 1! Using http://localhost:8888 now works, but – Daniel Webb May 04 '17 at 08:39
  • Thanks Matt, I can confirm that http://localhost:8888 works as an accepted callback url. Unfortunately it seems I had 2 problems not 1 as I still get the 500 error. It may be that my stunnel config was actually working, but I'll have to fix the 500 error first to find out. Should I create another question? – Daniel Webb May 04 '17 at 08:48
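
Added example, not part of the original thread and not Asana's code: a sketch of how an authorization server could enforce the rule described in the answer (https required, plain http only for localhost) by parsing the host rather than matching the string prefix, followed by an exact match against the registered redirect URIs. The function names, the localhost callback path and the example.com URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

def naive_registrable(uri: str) -> bool:
    # Literal prefix rule: also accepts hosts that merely start with "localhost".
    return uri.startswith("https://") or uri.startswith("http://localhost")

def registrable(uri: str) -> bool:
    """Registration policy: https, or plain http only when the host is exactly localhost."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname
        parts.port  # accessing .port raises ValueError for a malformed port
    except ValueError:
        return False
    # Reject missing hosts, embedded credentials (user@host) and fragments.
    if not host or parts.username or parts.password or parts.fragment:
        return False
    if parts.scheme == "https":
        return True
    return parts.scheme == "http" and host == "localhost"

def callback_allowed(requested: str, registered: list) -> bool:
    # At authorization time, compare the whole URI against the registered list.
    return requested in registered and registrable(requested)

# Constructed registration, modelled on the question's "redirect_uris" entry.
REGISTERED = [
    "https://127.0.0.1:9999/asanaoauth2callback",
    "http://localhost:8888/asanaoauth2callback",
]

# Constructed inputs for comparing the two checks.
SAMPLES = REGISTERED + [
    "http://127.0.0.1:8888/asanaoauth2callback",  # http on a non-localhost host
    "http://localhost.example.com/cb",            # prefix matches, host does not
    "http://localhost@example.com/cb",            # "localhost" is userinfo here
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:45} naive={naive_registrable(uri)!s:5} parsed={registrable(uri)}")
```
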