Jump to content

You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Need to find something? Use the Google search below.
PLEASE READ - Webmaster Support Forum
This forum will be retired in the near future. Please direct all queries to our dedicated GitHub support page https://github.com/vatsimnetwork/developer-info/discussions 
Here you can find documentation on our services and we are continuing to migrate pertinent information into the Wiki pages https://github.com/vatsimnetwork/developer-info/wiki

VATSIM Connect Discussion


Zach Biesse-Fitton
 Share

Recommended Posts

Harrison Scott
Posted
Posted

Hi @Ilya Pyankov,

That error is caused when an organisation is not active. If you just signed up your organisation will still be pending approval. 

Please ensure that you've met the requirements that we're displayed when you created the organisation. Once these requirements have been met, the VATSIM IT department can process your organisation. If you have any issues don't hesitate to drop a reply here or get in contact with the web team or myself via email. 

Hope this helps

Regards

Harrison Scott
VATSIM Web Developer
Director Operations, VATSIM Australia Pacific
[email protected]

 

 

Link to comment
Share on other sites

  • 2 months later...
Wildan Gunawan
Posted
Posted
On 4/28/2020 at 9:45 AM, Harrison Scott said:

Hi Guys,

@Mike Welten We could facilitate Active/Inactive, Reg Date and suspended (Should be their rating, I'll investigate the demo account).

@Calum Towers Reg date can certainly be added, I'll add it to the list.

Thanks for your feedback on Connect, I'll get back to you all ASAP.

Cheers

Harrison

Hi Harrison,

Is there any estimation date regarding the reg date?

Cheers!

Link to comment
Share on other sites

Blake Nahin
Posted
Posted
On 4/26/2020 at 8:28 PM, Blake Nahin said:

It seems that after redirecting back from VATSIM, if successful, the return URL does not include the state parameter. It only has code. The state parameter is only included if access is denied.

(Reposted from the other forum since it seems this is where questions should be)

Is there any update regarding this issue as well?

spacer.png

Blake Nahin

VATUSA Data Services Manager

https://vatusa.net

Link to comment
Share on other sites

  • 2 weeks later...
Nelis Coetzee
Posted
Posted

Good day gents.

 

I am a complete noob when it comes to oauth. I want to implement it with discord and also with moddle for our atc and pilot training.

But lets tackle Discord first.

What should my settings look like for the oauth to work. I get as far as the discord login, but after that dismal failure.

Thanks very much.

 

Screenshot_15.png

 

vatssa_sig.png.80936d5d8c0f6d32ad486bd8291ca4ff.png

Link to comment
Share on other sites

Wildan Gunawan
Posted
Posted

Hi all,

I found out that in development account, 10000007 doesn't have a division. Does this is a bug or it really can happen in live account?

Cheers.

Link to comment
Share on other sites

Nestor Perez
Posted
Posted

It *shouldn’t*, but there is a few accounts around for which it is the case.

Me.

Link to comment
Share on other sites

  • 1 month later...
Wenlue Zhang
Posted
Posted

I am wondering if an application separates front-end and back-end, how do we integrate VATSIM Connect into it? 

I did some searching for this and inspired by a question on StackOverflow (I like the flowchart! Re-post it below). Now my guess is that the whole process of the authorization will be divided into these steps below. Please correct me if I am wrong.

  1. User clicks the "Login" button on the front-end. The application redirects the user to /authorize endpoint.
  2. VATSIM Connect returns an authorization code.
  3. The front-end sends the authorization code to the backend.
  4. The backend uses the code and sends a POST request to VATSIM for access_token and refresh_token
  5. VATSIM responses with access_token and refresh_token
  6. The backend uses access_token and gets user information from VATSIM, then generate a token, which is used to communicate with the front-end.
  7. The backend returns the token to the front-end.

But then here comes the questions. Note that there may be more than one versions of front-end (e.g. Web App, iOS app, Android App, etc.) for the backend, and the front-end may not be under the same domain as the backend (CORS issue).

  1. What credentials should be included as parameters in the requests for each step above? I would put my guess here.
    1. From the documentation, for /authorize, at least "response_type", "client_id", "redirect_uri" and "scope" are needed.
    2. VATSIM Connect returns as with "code" for authorization code.
    3. For the communication between front-end and backend, at least "code" is required. It also needs to send "client_id" to the backend.
    4. To use /token endpoint, "client_id", "client_serect", "code" are needed.
    5. VATSIM Connect returns "access_token" and "refresh_token" in the response
    6. To use /user endpoint, "access_token" is required
    7. The backend returns "token" to the front-end.
  2. Where should the "client_id" get stored? Or use different "client_id" for each version of front-end? This may lead to a different answer to 1.3 above.
  3. Where should the "client_secret" get stored? This may also affect the answers above.
    1. If the front-end is a web application, apparently storing it there is not a safe option.
    2. If storing it in the backend, what should the "redirect_uri" be set to? (front-end/backend)

The question appears as in the OAuth 2 standard (RFC6749), the authorization server should also support "response_type=token", allowing a client can directly get a short-lived access_token to gain user data, while VATSIM Connect only supports for "response_type=code". This requires the usage of "client_secret", which is not suitable to be exposed in a web application. But I think the process above should (almost!) solve the problem, except that there may still be some security issues existing. 

spacer.png

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to comment
Share on other sites

 Share