Announcement

Collapse
No announcement yet.

Approach for recieving callback from external application

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Approach for recieving callback from external application

    Hello,

    I'm creating some functionality, during which there is a need to redirect from an external application to the Miva admin, where the application will post some parameters that I need to catch and save in Database. It will redirect to my registered URL of the store with those parameters.
    Right now, I'm totally confused, which way should I go to catch that redirect from the external application. Thought about creating a new page, but then it will be too much for catching those parameters only.
    Can anyone provide some pointers for this? How can I directly receive those parameters in Mivascript itself?
    Rajnish Sinha
    ---------------------
    https://twitter.com/rajnishsi

    #2
    Re: Approach for recieving callback from external application

    Not quite sure what you are trying to achieve here. However, here are some general external data gathering methods.

    First, if the data is to be used BY the admin, you need to request the external data from within the admin OR store the data in a Merchant table for later access through the admin.

    The only secure way to request data from within the admin would be to create a module. That module would provide both the interface for accessing the call to the external data as well as functions to manage the data.

    The actual method could be using an MvCALL or simple form POST/GET.
    Bruce Golub
    Phosphor Media - "Your Success is our Business"

    Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
    phosphormedia.com

    Comment


      #3
      Re: Approach for recieving callback from external application

      Hi Bruce,

      I'm afraid that MvCALL is not an option here. The way it will work is, admin user will perform some action which will take him to some external URL, at that external URL, 3rd party application will verify some details, and after that it will send the user to a store URL with some data, either in GET or in POST format.
      What I need is to gather that data in Admin, and then store it in Database. So, you see that, data gathering is not actually initiated by the store. I need to register the URL in advance to that 3rd party application, and it will send the data to only that URL.

      I'm creating a module, but not able to decide which features will allow me to gather that data inside admin.

      It's an OAuth application, so the above scenario is absolutely necessary and I can't alter the way it behaves. Only thing I can control is what URL to register for callback and how to gather data at that URL securely.
      Rajnish Sinha
      ---------------------
      https://twitter.com/rajnishsi

      Comment


        #4
        Re: Approach for recieving callback from external application

        If the external action initiation is manual (i.e., someone accesses that screen in the admin) than a standard util, util-vis module is all that is needed. The _content function can display the interface needed to request data or display prompts, the _validation function tests that requirements are made and then you do your post/get functions in the _action functions.
        Bruce Golub
        Phosphor Media - "Your Success is our Business"

        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
        phosphormedia.com

        Comment


          #5
          Re: Approach for recieving callback from external application

          Hi Raj,

          I'm not quite sure if I understand what you're trying to do. But I've written some modules that allow an external program to send data and trigger actions in the Miva admin. I have to use a rather long URL, something like:
          Code:
          http://YourStore.com/mm5/admin.mvc?username=UUUUU&password=PPPPP&Action=SMOD ....
          There are some additional URL parameters to specify the module, the admin tab, etc. I was able to figure most of that out from looking at the URLs used within the admin to go from one page to another ... plus a little help from Burch :^) .

          Hope that helps --
          Last edited by Kent Multer; 08-22-15, 11:20 AM.
          Kent Multer
          Magic Metal Productions
          http://TheMagicM.com
          * Web developer/designer
          * E-commerce and Miva
          * Author, The Official Miva Web Scripting Book -- available on-line:
          http://www.amazon.com/exec/obidos/IS...icmetalproducA

          Comment


            #6
            Re: Approach for recieving callback from external application

            If you use the System feature in the module, you can process custom screens and/or actions. Any values POSTED will be globals and can be easily processed (saved into database etc).
            Gordon Currie
            Phosphor Media - "Your Success is our Business"

            Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
            phosphormedia.com

            Comment


              #7
              Re: Approach for recieving callback from external application

              @Bruce, I have created a Utility module for data entering in admin, After the store admin user fills and save details, he can go to the external URL based on those details for access token. So far all is good. The problem starts after that. When the user verifies credentials at the external application, it redirects them back to a URL registered earlier. So, my problem is, what type of URL to register there, that only the user logged in as admin can be redirected there ?

              @Kent, Your suggestion looks good, just one thing I want to know, won't it create another session for currently logged in admin user. Just curious, whether, it will conflict with the concurrent admin seats functionality of Miva. I'll try this to see if it happans.

              @Gordon, This exactly is what I currently have with the Utility feature, but as I mentioned above, I need to be able to perform that action only on the behalf of currently logged in admin user if any. I am struggling on getting that. If I just redirects there myself without logging into admin, I'm opening the access to some database tables from site front, a little hesitated to to that. Although I can perform some checks in there, but not sure I'll be able to cover all possibilities, after all it will be simply visiting a URL with some query parameters.
              Rajnish Sinha
              ---------------------
              https://twitter.com/rajnishsi

              Comment


                #8
                Re: Approach for recieving callback from external application

                If you want to return to an existing admin session, instead of creating a new one, I imagine you can do that by passing the session ID, instead of a username and password. Haven't tried it myself though.
                Kent Multer
                Magic Metal Productions
                http://TheMagicM.com
                * Web developer/designer
                * E-commerce and Miva
                * Author, The Official Miva Web Scripting Book -- available on-line:
                http://www.amazon.com/exec/obidos/IS...icmetalproducA

                Comment


                  #9
                  Re: Approach for recieving callback from external application

                  Not sure if I'm missing something here, but why do you ever need to leave the admin?

                  Form Gets can retrieve data from external sources and you can then do what you want with that data from with in the initial admin session.
                  Bruce Golub
                  Phosphor Media - "Your Success is our Business"

                  Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                  phosphormedia.com

                  Comment


                    #10
                    Re: Approach for recieving callback from external application

                    You could use json.mvc instead of merchant.mvc (need to add the json feature) and restrict to admin session. Kent's suggestion of passing the admin session ID to the external site would work.

                    Still, this presents some security issues you have to handle. As Bruce said, if you could POST to the external site, receive some token/data, all while staying logged in to the admin, you would sidestep most security problems. Is the external site/service under your control or does it offer a service interface?
                    Gordon Currie
                    Phosphor Media - "Your Success is our Business"

                    Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
                    phosphormedia.com

                    Comment


                      #11
                      Re: Approach for recieving callback from external application

                      @Kent, I can't use Session ID, because the redirect URLs need to be registered earlier, and moreover, they need to stay same. Session IDs are generated dynamically, and can't be known in advance.

                      @Bruce, the reason I need to leave admin, is because of the 3rd party application which is not at all under my control. That application requires users to visit a certain URL with some parameters inside it's domain, where it validates that data, and return some app specific credentials on my registered callback URL.

                      @Gordon, JSON feature is a valid solution for situations like this, but I'm afraid I can't use that as my requests can't use JSON data. They have to be full redirections from browser.

                      So far, I have created a Utility module, which allows store owner to enter the initial data. After saving that data, I'm redirecting the user to the 3rd party application with that data, and upon successful validation there, user is redirected back to the Miva store with some credentials. To get those credentials, I have used the System feature and recorded that using that.

                      Redirection URL I'm registering now, is a custom Screen which is captured by my System feature function. Inside that, I'm able to get that data and store it in admin. So the problem, is to how can I be sure, at my SystemModule_Screen function, that Screen is actually requested by some admin user and that user is still logged in to the admin panel ?
                      Rajnish Sinha
                      ---------------------
                      https://twitter.com/rajnishsi

                      Comment


                        #12
                        Re: Approach for recieving callback from external application

                        Ok, maybe I'm missing something, but isn't that what an "HTTP" post does? (i.e., visit a URL and posts credentials and receives a response?)

                        And this is also where using MvCall might come in handy, as its EXACTLY like a user visiting a page. The URL queried can make no distinction from a Human connection verse an MvCall connection.
                        Bruce Golub
                        Phosphor Media - "Your Success is our Business"

                        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                        phosphormedia.com

                        Comment


                          #13
                          Re: Approach for recieving callback from external application

                          Originally posted by rajnishsi View Post
                          @Gordon, JSON feature is a valid solution for situations like this, but I'm afraid I can't use that as my requests can't use JSON data. They have to be full redirections from browser.
                          The json feature does not require using JSON. We use it all the time to return HTML, text or JSON.

                          If you POST to json.mvc, you can use a type=admin that will require authentication (via passing admin session ID).
                          Gordon Currie
                          Phosphor Media - "Your Success is our Business"

                          Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
                          phosphormedia.com

                          Comment

                          Working...
                          X