This repository has been archived by the owner on Dec 4, 2018. It is now read-only.

OCTClient (Authorization)

iRare Media edited this page Sep 22, 2013 · 1 revision

Authorization is done using a client-side OAuth flow. This allows native apps to implement a native authentication flow, while minimizing the amount of time the client app needs the user's password. The flow is:

  • Create an OAuth app on GitHub.com.
  • Use the APIs below to request authorization for the user, with the client ID and secret for your OAuth app.
  • Use the OCTAuthorization's token and +[OCTClient authenticatedClientWithUser:token:] to perform requests with your authorization.

Note that because the client secret will be embedded in your app and sent over the user's internet connection, the secret isn't terribly secret. To help mitigate the risk of a web app stealing and using your client ID and secret, set the Callback URL for your OAuth app to a URL you control. Even though this URL won't be used by your app, this will prevent other apps from using your client ID and secret in a web flow.