Tell me, is it possible during the authorization of the application in WebView via WebView , to get the authorization data (login / password) and use them later to get the token just by sending the url with the request?

Also wondering how to check the validity of the token during subsequent downloads of the application? As I understand it, by getting the value of expires_in you can estimate the expiration date of the token, and proceed to continue using the current or receive a new one?

    1 answer 1

    It is possible to make a javascript turn.

     WebView webView = new WebView(); Engine engine = webView.getEngine(); engive.executeScript("alert(\'alert\')");

    Instead of an alert, you need to implement your own logic (for example, when changing a field, get the contents of this field).

    But this is not good - to store user login and password (see point 2 ).

    The resulting token can be stored in a file, and you can constantly pull it from there (or in any other place, the main thing is not to be in the application itself, because when you exit the application, the token is lost)

    If the token is not valid, then any request will be answered with an error. You can constantly check respons - if there is a given error there, then you need to get a new token (read - overflow).

    • Yes, the point is that you do not want to "re-login" to get a new token. And in practice, in almost all applications of this kind, credentials are entered once (and the next one only when the password is changed). This case is the most convenient, I think. Plus, probably you can serialize the class with the authorization data into a byte code, at least, to make it more difficult to read directly. - I. Perevoz
    • It is undoubtedly convenient, but will you use the application, knowing that it stores your personal data? From accounting, what is this unofficial app? And what can be serialized can also be deserialized. - Andrew Bystrov