It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to whitelist external URL in Hipchat addon for authentication?

I am trying to authenticate users for add-on, but am unable to load the external URL to provide the login screen.

route checks if user is authenticated with external app. If so, does its thing. If not, redirect to login url for authentication (directly in sidebar). 

When it gets to res.redirect(org.getAuthUri()); it just displays blank screen since the external URL cannot be loaded in hipchat. I was hoping I could just add a whitelist to the add-on, but do not see any documentation on doing that. 

 

app.get('/salesforce', 
    addon.authenticate(),
    function(req, res) {
      var org = nforce.createConnection({
      clientId: "xxxxxxxxxxxx",
      clientSecret: "xxxxxxxxxx",
      redirectUri: oauthCallbackUrl(req),
      environment: "sandbox",
      mode: 'single'
    });
    if (req.query.code !== undefined) {
      // authenticated
      org.authenticate(req.query, function(err) {
        if (!err) {
          org.query({ query: 'SELECT id, CaseNumber, Status FROM Case' }, function(err, results) {
            if (!err) {
              res.render('index', {records: results.records});
            }
            else {
              res.send(err.message);
            }
          });
        }
        else {
          if (err.message.indexOf('invalid_grant') >= 0) {
            res.redirect('/salesforce');
          }
          else {
            res.send(err.message);
          }
        }
      });
    }
    else {
      res.redirect(org.getAuthUri());
      
    }
  });

1 answer

1 accepted

0 votes
Answer accepted

You do not need to whitelist a site to be loaded as part of an HC Connect integration.

The first thing I would check is that the page you are redirecting to is using https rather than http, as it is not possible to load http pages in iframes when the host page is loaded over https.

The second thing I would check is that the login page does not explicitly prevent it from being loaded in an iframe. In particular sites are able to use the x-frame-options to prevent their login screen from being loaded within an iframe (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options). This is actually a really good thing - as loading a login page within an iframe is an antipattern (very easy to phish as users cannot see your padlock / https details).

It may be worth considering using an external page to host the login screen - https://www.hipchat.com/docs/apiv2/externalPages. This will allow you to load the login screen in a separate browser window.

Michael,

Thanks for that info. Indeed it does appear the login page is blocked from loading in iframe. I was looking at external page, and finally have that almost working, but it opens browser window, authentication works, callback sends me to callback URL in browser instead of sending back to the add-on. This, I am sure, is due to my lack of knowledge/skills on JS/Node/Express/etc...

In the end, I do not need answers to the above as I am taking a different route for the authentication scheme for this add-on. I will leave the outstanding "how do I" questions as an exercise/challenge for me to learn.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Hipchat

Hipchat Cloud and Stride have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

35,181 views 9 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you