OAuth for Apps: Sample Universal Application for Windows
This sample shows how to do an OAuth 2.0 Authorization flow from a Universal Windows Platform (UWP) app. It is one of a series of OAuth samples for Windows.
When doing an OAuth 2.0 Authorization flow in a native application, it is important to follow best practices, which require using the browser (and not an embedded browser).
This sample demonstrates how you can open the user's browser with your OAuth 2.0 authorization request (where they might already be logged in!), have them complete the consent, receive the Authorization Code using a URI scheme registered by your app, and exchange that code for authorization tokens.
The protocols referenced in this sample are documented here:
- Open the solution file:
- Run the app on your Local Device, or the device of your choosing.
- When the app starts, tap "Sign in with Google" and go through the flow.
Using your own credentials
The sample comes packed with some demo client credentials, which are fine for testing, but make sure you use your own credentials before releasing any app, or sharing it with friends.
1. Visit the Credentials page of the Developers Console
2. Create a new OAuth 2.0 client, select iOS (yes, it's a little strange to select iOS, but the way the OAuth client works with UWP is similar to iOS, so this is currently the correct client type to create).
3. As your bundle ID, enter your domain name in reverse DNS notation. E.g. if your domain was "example.com", use "com.example" as your bundle ID. Note that your bundle ID MUST contain a period character ".", and MUST be less than 39 characters long
4. Copy the created client-id and replace the clientID value in this sample
5. Edit the manifest by right-clicking and selecting "View Code" (due to a limitation of Visual Studio it wasn't possible to declare a URI scheme containing a period in the UI).
6. Find the "Protocol" scheme, and replace it with the bundle ID you registered in step 3. (e.g. "com.example")
If you have a question related to these samples, or Google OAuth in general,
please ask on Stack Overflow with the
If you've found an error in this sample, please file an issue: https://github.com/googlesamples/oauth-apps-for-windows/issues
Patches are encouraged, and may be submitted by forking this project and submitting a pull request through GitHub.
The protocols and best practices used and implemented in these samples are
defined by RFCs. These expert-level documents detail how the protocols work,
and explain the reasoning behind many decisions, such as why we send a
code_challenge on the Authorization Request for a native app.
- Internet-Draft: OAuth 2.0 for Native Apps BCP
- RFC6749: OAuth 2.0
- RFC6750: OAuth 2.0 Bearer Token Usage
- RFC6819: OAuth 2.0 Threat Model and Security Considerations
- RFC7636: OAuth 2.0 PKCE
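The flow described at the top of this page and the code_challenge mentioned above, as an added example that is not code from this sample: it generates the PKCE code_verifier and S256 code_challenge (RFC 7636), builds the authorization request, and checks the scheme and state of the redirect before using the code. The endpoint, client ID, redirect path, and class and method names are assumptions for illustration, and it uses plain .NET APIs so it runs as a console program.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PkceExample
{
    // base64url without padding, the encoding RFC 7636 specifies.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string RandomToken(int byteCount)
    {
        var buffer = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buffer);
        return Base64Url(buffer);
    }

    // S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    static string Challenge(string codeVerifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier)));
    }

    // Accept the redirect only if it arrived on our scheme and echoes our state.
    static string ExtractCode(Uri redirect, string scheme, string expectedState)
    {
        if (!string.Equals(redirect.Scheme, scheme, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("unexpected URI scheme");
        string code = null, state = null;
        foreach (var pair in redirect.Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "code") code = Uri.UnescapeDataString(kv[1]);
            if (kv.Length == 2 && kv[0] == "state") state = Uri.UnescapeDataString(kv[1]);
        }
        if (code == null || state != expectedState)
            throw new InvalidOperationException("missing code or state mismatch");
        return code;
    }

    static void Main()
    {
        string verifier = RandomToken(32), state = RandomToken(32);
        string redirectUri = "com.example:/oauth2redirect";  // constructed redirect path
        string request = "https://authorization-server.example/authorize"  // placeholder endpoint
            + "?response_type=code&client_id=YOUR_CLIENT_ID"
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&state=" + state + "&code_challenge=" + Challenge(verifier)
            + "&code_challenge_method=S256";
        Console.WriteLine(request);
        // Constructed redirect standing in for the app's protocol activation.
        var redirect = new Uri(redirectUri + "?state=" + state + "&code=SAMPLE_CODE");
        Console.WriteLine(ExtractCode(redirect, "com.example", state));
        // The token request then sends code_verifier = verifier with the code.
    }
}
```

Because any app on the device can register the same URI scheme, the code alone is not proof of who receives it; the token endpoint only redeems it when the matching code_verifier is presented.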
Copyright 2016 Google Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.