Posts: 207 | Thanked: 482 times | Joined on Mar 2016
#165
As per the docs, accountToken _may_ be used by apps to store user-specific data. It doesn't say it's an OAuth token which could be used by 3rd parties to auth the user against the store.

What it obviously carries back is the user's store interaction, e.g. which apps are marked by the user as being liked. Below is what I captured from my Android client:
Code:
GET https://dev-portal.getpebble.com/api/users/me?access_token=<accessToken>
{
    "applications": [],
    "users": [
        {
            "added_ids": [
                "566dc3ab7929075b2e000042",
                "550ccb556caaed4e0100006d",
                "540f7cafbc27450164000157"
            ],
            "applications": [],
            "flagged_ids": [],
            "href": "https://dev-portal.getpebble.com/api/users/<some uid>",
            "id": "<some uid>",
            "name": "ruff",
            "uid": "<some uid>",
            "voted_ids": []
        }
    ]
}
This data fetch doesn't require authentication - any request to the URL with a valid accessToken returns my appstore details (I've tried private window fetching and curl). I'm not sure, though, what the accountToken would be - the accessToken, id or uid of the user.

To nail down the app problem to the wrong usage of the accountToken, we need to dump the JS code and see whether it attempts to use it. But I still think we should rather return an empty string, since the token is returned only when logged in to the store. A proper app should then suggest that the user log into the store if it requires certain interaction with it using the token.

Last edited by ruff; 2016-03-31 at 15:56.
 

The Following 3 Users Say Thank You to ruff For This Useful Post:
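
Added example, not part of ruff's post: because the URL in the capture works for anyone who holds the token, a capture like this needs the token and the user identifiers removed before it is shared or logged. This Python sketch does that for the request line and response shape shown in the post; the function names, the `REDACTED` placeholder, the choice of sensitive keys and the sample values are assumptions.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the sensitive query parameter and JSON keys, taken from the capture above.
SECRET_PARAMS = {"access_token"}
ID_KEYS = ("id", "uid", "name")
MASK = "REDACTED"

def redact_url(url):
    """Replace the value of every secret query parameter, keep the rest of the URL."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))

def redact_user(user):
    """Mask the identifying values of one "users" entry wherever they recur (e.g. in href)."""
    # Longest first, so a short value cannot split a longer one that contains it.
    secrets = sorted({str(user[k]) for k in ID_KEYS if user.get(k)}, key=len, reverse=True)
    def scrub(value):
        if isinstance(value, str):
            for secret in secrets:
                value = value.replace(secret, MASK)
            return value
        if isinstance(value, list):
            return [scrub(v) for v in value]
        if isinstance(value, dict):
            return {k: scrub(v) for k, v in value.items()}
        return value
    return scrub(user)

def redact_capture(request_line, body):
    """Scrub a captured 'METHOD URL' line and its JSON response body."""
    method, url = request_line.split(None, 1)
    doc = json.loads(body)
    doc["users"] = [redact_user(u) for u in doc.get("users", [])]
    return f"{method} {redact_url(url.strip())}", json.dumps(doc, indent=4, sort_keys=True)

# Constructed sample in the shape of the capture above; the token and uid are made up.
SAMPLE_REQUEST = "GET https://dev-portal.getpebble.com/api/users/me?access_token=tok_constructed_123"
SAMPLE_BODY = json.dumps({"applications": [], "users": [{
    "added_ids": ["566dc3ab7929075b2e000042"],
    "href": "https://dev-portal.getpebble.com/api/users/u-constructed-1",
    "id": "u-constructed-1", "uid": "u-constructed-1", "name": "example-user",
    "voted_ids": []}]})

if __name__ == "__main__":
    line, scrubbed = redact_capture(SAMPLE_REQUEST, SAMPLE_BODY)
    print(line)
    print(scrubbed)
```

The liked-app ids in `added_ids` are left in place, as in the original capture; add that key to the scrubber if the list itself should not be disclosed.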