
How to use implicit grant type in OAuth 2.0 for mobile apps?

I have read a tutorial regarding OAuth 2.0 and the implicit grant type. I still don't understand how the implicit grant type will work for mobile (iOS or Android). For example, if we create an SSO app (like Facebook) and make an SDK to provide this service, does the SSO app contact the authorization server programmatically or via a web view?

Also another point is that - implicit grant type requires you to send a Redirect URI. I understand that you can make a custom uri schema for iOS and do this. What I don't understand is how the authorization server calls a custom URI on the device.

Chan asked Mar 11 '14 17:03


1 Answer

For OAuth2 in mobile apps you can set your redirect_uri to some dummy URL like http://localhost/redirect/ and then use the webview's "onload" event to check the URL for access_token.

For example, in iOS you can load the authorization URL in a webview, and use the delegate method to check the redirect_uri for access_token like this:

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType {
    NSURL *Url = [request URL];
    // ...
    return YES; // let the webview continue loading
}

You can also do this in Phonegap app with HTML5/JavaScript using InAppBrowser:

var loginWindow = window.open(login_url, '_blank', 'location=yes');
$(loginWindow).on('loadstart', function(e) {
    var url = e.originalEvent.url;
    var access_token = url.split("access_token=")[1];
    // ...
});

Full code here: https://github.com/krisrak/jquery-cordova-oauth2

krisrak answered Sep 18 '22 22:09
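The redirect check described in the answer above, as an added example that is not part of the original answer or the linked repository: it only accepts navigations to the registered redirect_uri, reads the implicit-grant response from the URL fragment, and compares `state` before returning the token. The function name `parseImplicitRedirect`, the `expectedState` parameter and the sample URLs are assumptions made for illustration; `state` is not mentioned in the answer and comes from RFC 6749.

```javascript
// Added example (not the answer's or the repo's code).
// REDIRECT_URI is the dummy value suggested in the answer.
const REDIRECT_URI = 'http://localhost/redirect/';

// Hypothetical helper: call it with the URL from each 'loadstart' event and
// the random state value the app put into the authorization request.
function parseImplicitRedirect(url, expectedState) {
  let u;
  try { u = new URL(url); } catch (e) { return { status: 'ignore' }; }

  // Ignore every page that is not the registered redirect_uri, including
  // login or consent pages whose URL merely contains "access_token=".
  const target = new URL(REDIRECT_URI);
  if (u.origin !== target.origin || u.pathname !== target.pathname) {
    return { status: 'ignore' };
  }

  // The implicit grant returns its parameters in the fragment (#...).
  const params = new URLSearchParams(u.hash.replace(/^#/, ''));
  if (params.has('error')) {
    return { status: 'error', error: params.get('error') };
  }
  // A missing or different state means the response does not belong to
  // the request this app started.
  if (params.get('state') !== expectedState) {
    return { status: 'error', error: 'state_mismatch' };
  }
  const token = params.get('access_token');
  if (!token) {
    return { status: 'error', error: 'missing_access_token' };
  }
  return {
    status: 'ok',
    accessToken: token, // only the token, without the trailing parameters
    tokenType: params.get('token_type'),
    expiresIn: Number(params.get('expires_in')) || null
  };
}

// Constructed sample URLs (not captured traffic).
const SAMPLE_OK = REDIRECT_URI +
  '#access_token=abc123&token_type=bearer&expires_in=3600&state=s1';
const SAMPLE_LOGIN_PAGE =
  'https://auth.example/login?next=access_token=not-a-token';
const SAMPLE_DENIED = REDIRECT_URI + '#error=access_denied&state=s1';
```

In the InAppBrowser handler, close the login window only when the result is `ok` or `error`, and keep waiting on `ignore`.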