The Proxy URL lets the OAuth providers (Gmail, Yahoo or Outlook.com) know that you are asking CloudSponge to get the address book for you. The sole purpose of this page is to accept the OAuth code parameter from the provider and “proxy” it to CloudSponge.
The OAuth flows provided by Gmail, Yahoo and Outlook.com are designed for a site like yours to request access to a person’s address book. After the person grants consent, they are redirected back to your app. In order for CloudSponge to be able to do the heavy lifting of importing and normalizing the contacts for your site, your application must hand the consent code over to CloudSponge.
You can accomplish this with a special page on your site that we refer to as Proxy URL.
The diagram below shows the Proxy URL in orange. If the Proxy URL is missing or doesn’t function properly, the “code” will not be passed to CloudSponge and the address book import will appear to be abandoned.
The Proxy URL must be hosted by your application so that the OAuth provider can verify that your application is controlling the flow of data. For example, Google wants to be sure that they are redirecting the browser back to your application. It manually verifies all apps that request access to users’ address books.
Complete the following steps to install and test your OAuth proxy endpoint:
- Download the file here or review the full gist.
solo-auth-proxy.htmlto the same directory on your web server. Your Proxy URL is done!
- Verify the Proxy URL by visiting the
solo-auth-proxy.htmlpage on your server.
You should see some text and a link. Make a note of the URL, you will use this URL as Proxy URL when setting up your Developer Accounts and also the OAuth Credentials in CloudSponge.
Next you can set up your OAuth Credentials for each OAuth source, using the URL for
Server-side Proxy URL (deprecated)
api.cloudsponge.com: all request data should be forwarded directly upstream to
https://api.cloudsponge.com/auth. Likewise, all response headers and data should be returned directly to the client. The page you create on your site to proxy requests needs to accept all
GETparameters, make an HTTP connection to
https://api.cloudsponge.com/auth, passing the parameters with the request. When the response comes back from
api.cloudsponge.com, the exact headers and body should be returned to the client. The typical gotcha is following redirects:
api.cloudsponge.com/authreturns a 302 response in many cases. Ensure that your system is configured to not follow redirects for the proper result.
CloudSponge may return a
302 Found and a
Location in the response header. This response header should be returned to the user’s browser. Some platforms will automatically follow redirects so you must ensure that this functionality is turned off on your system.
Important Note: The Proxy URL cannot follow any redirect response from CloudSponge. It must proxy the request and include any GET parameters with the payload to CloudSponge.
We have several reference implementations of working Proxy URLs: