Sometimes you would like to be able to call a script from an application that only accepts http-based urls. One of the most common is the OAuth callback url. This is the url that is called when a user has successfully authenticated with a third-party service. The third-party service will call this url with a token that can be used to make requests on behalf of the user. This is a common pattern for services like Google, Facebook, Twitter, etc.
While FileMaker's fmp url protocol can call a script in any file that has been setup to alllow fmp url calls, it cannot be called from an http-based url. This means that you cannot use the fmp url protocol to call a script from an OAuth callback url. Most of the services require you to use https for callbacks.
Otto solves this problem by allowing you to setup a webhook that will call a script in a FileMaker file. Unlike use Otto's other webhook feature, this will use the fmp protocol to call the script in a FileMaker client session, not through the data API. This is exactly what you need to happen for an OAuth callback url.
How it works
It works similarly to Otto's webhook receving feature. Otto can listen for webhook requests on an endpoint and call a script in a file based on the url that is called. Here is an example:
In the above
:database should be substituted for the name of the file your target script is in.
:script should be substituted for the name of the script you want to call. The rest of the url is optional and can be used to pass parameters to the script. So if your file was named
Contacts.fmp12 and your script was named
OAuthCallback you would use the following url:
In the case of an Oauth callback url, the third-party service will call this url with a
token that can be used to make requests on behalf of the user. It also may include other parameters, like a
state parameter that you can use to verify that the request is coming from the service you expect.
Otto will call the
OAuthCallback script in the
Contacts.fmp12 file and instantiate the
token and any other parameters that were included in the url as
$state. You can then use these variables in your script to validate the callback and store the token in your database.
Query parameter handling
Otto has a few rules it applies to the query parsing and handling
- Otto removes any query parameter called 'script'. Pass the script name as part of the url instead. ( see above ).
- Otto will pass the value of
paramquery parameter to the script as the Script Parameter. You can use the Get(ScriptParameter) function to access this value in your script.
- You do not need to prefix your query parameters with
$in the url. Otto will do this for you.