-
Notifications
You must be signed in to change notification settings - Fork 879
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization Code retrieval from redirect URI #71
Comments
Unfortunately, neither of those options work for mobile apps with in-app browser tabs on Android or iOS. The browser title bar (
Who is the OAuth provider? Perhaps we can reach out to request they add custom URI scheme redirect support? I've already gone through those steps with some providers, and it can be very easy for them to implement if they are willing. Alternately, as a workaround you may need to host a HTTPS page somewhere to get the redirect from this provider, and then pass it on to your app. |
@WilliamDenniss thanks a lot for answering with a detailed post, this is really helpful. I was thinking the same on both approaches, but it's nice to have a confirmation on my presumptions. Concerning the OAuth provider, it's a client of ours which provides the OAuth server only for their own apps as far as I've understood, so it isn't a public API per say. I will however let them know about these concerns in order for them to have a proper URI scheme implementation put in place. Now just to confirm, if in the code example above I use: |
@bogdanzurac FWIW, you can |
@bogdanzurac correct. If you can register a redirect URI with the custom scheme at your provider, it should work as you described (app will get authorization response as an intent). That would be my recommendation, hopefully it's possible to make this minor modification to the authorization server. The other option is to register a |
@bogdanzurac Did that work for you? I tried But the custom tab says: "invalid parameter value for redirect_uri: Missing scheme" |
@hy9be I couldn't switch to a custom URI scheme because the client is a corporation and well... you know how big ass corporations move in regards to changing things... I've been told they will actually consider switching to the new standard, but not so soon. Oh well... Concerning what I did implement, was the localhost version inside a plain WebView + listening when a URL starting with "localhost" is being loaded. Not pretty, obviously, but hey, what can I do. |
@bogdanzurac Got it. Totally understood the "corporation" part. |
@bogdanzurac I have exactly the same issue as you did. Could you, please, provide some more details on the implementation of what you've described in your last comment? Would really appreciate some help. Thanks. |
Just use a standard WebView with an extended WebViewClient that overrides onPageFinished(), which checks if the url returned startsWith "http://localhost". That means the OAuth process has finished and returned the authorization code inside the URL param. It's not really much to it. |
I'm trying to use the library in conjunction with a 3rd party OAuth provider. I'm having issues though trying to return the Authorization Code back from the RedirectUriReceiverActivity. I have 2 options the server provides: either use http://localhost as the redirect URI and the Authorization Code will be returned as a query parameter; or use urn:ietf:wg:oauth:2.0:oob as the redirect URI and receive the code inside the web browser title.
Now I have 2 questions:
Calling the authorization service:
URI scheme:
The text was updated successfully, but these errors were encountered: