How to whitelist external URL in Hipchat addon for authentication?

I am trying to authenticate users for an add-on, but am unable to load the external URL to provide the login screen.

The route checks if the user is authenticated with the external app. If so, it does its thing. If not, it redirects to the login URL for authentication (directly in the sidebar).

When it gets to res.redirect(org.getAuthUri()); it just displays a blank screen since the external URL cannot be loaded in Hipchat. I was hoping I could just add a whitelist to the add-on, but do not see any documentation on doing that.

 

app.get('/salesforce',
  addon.authenticate(),
  function(req, res) {
    // OAuth connection to Salesforce (credentials redacted)
    var org = nforce.createConnection({
      clientId: "xxxxxxxxxxxx",
      clientSecret: "xxxxxxxxxx",
      redirectUri: oauthCallbackUrl(req),
      environment: "sandbox",
      mode: 'single'
    });
    if (req.query.code !== undefined) {
      // authenticated: exchange the authorization code, then query cases
      org.authenticate(req.query, function(err) {
        if (!err) {
          org.query({ query: 'SELECT id, CaseNumber, Status FROM Case' }, function(err, results) {
            if (!err) {
              res.render('index', {records: results.records});
            }
            else {
              res.send(err.message);
            }
          });
        }
        else {
          // an expired or reused code restarts the flow
          if (err.message.indexOf('invalid_grant') >= 0) {
            res.redirect('/salesforce');
          }
          else {
            res.send(err.message);
          }
        }
      });
    }
    else {
      // not authenticated yet: redirect to the external login URL
      res.redirect(org.getAuthUri());
    }
  });

1 answer

1 accepted

You do not need to whitelist a site to be loaded as part of an HC Connect integration.

The first thing I would check is that the page you are redirecting to is using https rather than http, as it is not possible to load http pages in iframes when the host page is loaded over https.

The second thing I would check is that the login page does not explicitly prevent it from being loaded in an iframe. In particular, sites are able to use the X-Frame-Options header to prevent their login screen from being loaded within an iframe (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options). This is actually a really good thing, as loading a login page within an iframe is an antipattern (very easy to phish as users cannot see your padlock / https details).

It may be worth considering using an external page to host the login screen - https://www.hipchat.com/docs/apiv2/externalPages. This will allow you to load the login screen in a separate browser window.

Michael,

Thanks for that info. Indeed it does appear the login page is blocked from loading in an iframe. I was looking at external page, and finally have that almost working, but it opens a browser window, authentication works, and the callback sends me to the callback URL in the browser instead of sending back to the add-on. This, I am sure, is due to my lack of knowledge/skills on JS/Node/Express/etc...

In the end, I do not need answers to the above as I am taking a different route for the authentication scheme for this add-on. I will leave the outstanding "how do I" questions as an exercise/challenge for me to learn.
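The two checks from the answer above (https versus http, and framing headers), as an added example that is not part of the original thread: a function that takes a target URL and its response headers and reports whether a browser would render it in an iframe. It goes beyond the answer by also reading the CSP `frame-ancestors` directive, which does the same job as X-Frame-Options; the function name, hosts and header values are constructed for illustration.

```javascript
// Added example. Header names are expected in lower case, as Node's http module
// exposes them. hostOrigin is the origin of the page that embeds the iframe.
function checkFramable(targetUrl, headers, hostOrigin) {
  const target = new URL(targetUrl);
  const host = new URL(hostOrigin);
  const reasons = [];

  // Check 1: an https host page cannot load an http page in an iframe.
  if (host.protocol === 'https:' && target.protocol !== 'https:') {
    reasons.push('mixed content: target is not https');
  }

  // Check 2: framing restrictions sent by the target page.
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';')
    .map(function (d) { return d.trim().split(/\s+/); })
    .find(function (parts) { return parts[0].toLowerCase() === 'frame-ancestors'; });

  if (directive) {
    // frame-ancestors takes precedence over X-Frame-Options when both are sent.
    // Simplification: only '*', 'self', 'none', scheme sources and exact origins
    // are matched; wildcard hosts and paths are not.
    const allowed = directive.slice(1).some(function (src) {
      if (src === '*') return true;
      if (src === "'self'") return target.origin === host.origin;
      if (src === host.protocol) return true;
      return src.toLowerCase() === host.origin;
    });
    if (!allowed) reasons.push('csp frame-ancestors does not allow ' + host.origin);
  } else {
    const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
    if (xfo === 'DENY') {
      reasons.push('x-frame-options: DENY');
    } else if (xfo === 'SAMEORIGIN' && target.origin !== host.origin) {
      reasons.push('x-frame-options: SAMEORIGIN on a cross-origin page');
    }
  }
  return { framable: reasons.length === 0, reasons: reasons };
}

// Constructed sample inputs (hypothetical hosts, not taken from the thread).
const HOST = 'https://chat.example.com';
const samples = [
  ['https://login.example.org/auth', { 'x-frame-options': 'DENY' }],
  ['http://login.example.org/auth', {}],
  ['https://app.example.net/panel', { 'content-security-policy': 'frame-ancestors https://chat.example.com' }]
];
samples.forEach(function (s) {
  console.log(s[0], JSON.stringify(checkFramable(s[0], s[1], HOST)));
});
```

A blank sidebar combined with a `framable: false` result for the login URL points to the login page's own headers, which the add-on cannot change.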
