Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OAuth for Desktop apps?

Tags:

oauth

i wonder how do desktop apps without any domain names use oauth? or is it not supposed to be used this way? if so what do i use? say for tumblr they have an authentication api so i will have to put the username and password in the url/query string?

i am thinking of using WPF/Adobe AIR. how does something like tweetdeck work?

like image 356
Jiew Meng Avatar asked Sep 19 '10 02:09

Jiew Meng


People also ask

How do I add OAuth app?

Create authorization credentials Go to the Credentials page. Click Create credentials > OAuth client ID. Select the Web application application type. Complete the form.

What are OAuth apps?

OAuth is a delegated authorization framework for REST/APIs. It enables apps to obtain limited access (scopes) to a user's data without giving away a user's password. It decouples authentication from authorization and supports multiple use cases addressing different device capabilities.

Does Microsoft support OAuth?

OAuth2 support for IMAP, POP, SMTP protocols as described below is supported for both Microsoft 365 (which includes Office on the web) and Outlook.com users. If you're not familiar with the OAuth 2.0 protocol, start by reading the OAuth 2.0 protocol on Microsoft identity platform overview.


2 Answers

I've been puzzled by the same question about lack of domain or app url, but it turns out redirection is not the only possible way to complete OAuth authentication process.

I.e., when webapp requests access it provides callback url: the one user will be redirected to when process is completed. That's how webapp know that everything's done.

But you can't redirect to application on user's machine. Thus, there's another way: upon successful authentication server presents special code to the user. Then user copies this code and provides it to application.

You can see both ways described in specification draft.
Also, here's an example of this authentication flow with twitter.

like image 114
Nikita Rybak Avatar answered Sep 19 '22 08:09

Nikita Rybak


It looks like it may be possible, see googles docs on the subject:

https://developers.google.com/identity/protocols/oauth2/native-app

like image 37
Chris Avatar answered Sep 17 '22 08:09

Chris