OAuth PKCE permission redirect

So I am trying to connect with a desktop application (written in Xojo) to a terminal (there is no SDK for the Xojo language). One of the steps is for the app to send a permission request to the seller. Since I am connecting from a desktop app, I wanted to use a custom URI for the redirect. I have created a custom URI for my desktop application, but when I try to enter it in the OAuth settings, it is not allowing me. It is asking for an https:// URL. Is there another way to get the redirect info in my desktop app with a custom URI? I also do not want to set up a server just for this; that is the reason we are opting for the OAuth PKCE option. Since Square is not accepting custom URIs, we have no idea how to accomplish this final step.

:wave: I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

https://developer.squareup.com/docs/oauth-api/walkthrough2

Additional Documentation

OAuth Walkthrough: Test Authorization with Web Server
OAuth API Overview

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

https://developer.squareup.com/docs/oauth-api/walkthrough2 DOES NOT WORK…I get 404

Square’s OAuth process requires a redirect URL that uses the HTTPS protocol. This is a security measure to ensure that the authorization response from Square, which includes sensitive information like access tokens, is sent over a secure connection. Unfortunately, custom URI schemes are not supported for the redirect URL in Square’s OAuth process.

For desktop applications, one common practice is to run a lightweight local web server that listens on localhost and a predefined port. This local server can be used to receive the redirect from Square’s authorization page. The redirect URL in this case would be something like “https://localhost:8000/callback”.

However, please note that this approach still requires your application to be able to spin up a local web server, and it must use HTTPS. This might involve additional complexity such as handling SSL certificates for the local server.

If setting up a local server is not feasible, another option could be to use a cloud-based redirect endpoint that your application can poll for the result of the authorization. This would involve setting up a server, but it could be a simple cloud function or similar lightweight service.

In both cases, once your application receives the authorization response, it can then proceed with the PKCE flow to exchange the authorization code for an access token.

This answer was reviewed by @Bryan-Square.

One more question… if I am writing the application for myself and using my own token (seller), do I still need to follow the OAuth step (redirect) for permissions to use the Terminal API?

I do not believe so, since I am using my own account. If I understand correctly, the OAuth step is to ask the seller for permission to use the Terminal API so you can use their account to take payments. My app is not for sale and I am writing it for myself. Let me know if I am wrong here and maybe I do need to request permission from myself. Not sure. TIA

If you're going to use your personal access token then you won’t need to use OAuth. :slightly_smiling_face:
