How to use implicit grant type in OAuth 2.0 for mobile apps?

醉梦人生 2021-02-10 06:47

I have read a tutorial regarding OAuth 2.0 and implicit grant type. I still don't understand how implicit grant type will work for mobile (iOS or Android). For example if we cr

2 Answers
  • 2021-02-10 06:55

    For OAuth2 in mobile apps you can set your redirect_uri to some dummy URL like http://localhost/redirect/ and then use the webview's "onload" event to check the URL for access_token.

    For example in iOS, you can load the authorization URL in a webview, and use the delegate method to check the redirect_uri for access_token like this:

    - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType {
        // Called before each page load; inspect the URL for the redirect that carries access_token
        NSURL *Url = [request URL];
        ...
    }
    

    You can also do this in Phonegap app with HTML5/JavaScript using InAppBrowser:

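    var loginWindow = window.open(login_url, '_blank', 'location=yes');
    // 'loadstart' fires for every page the InAppBrowser begins to load
    $(loginWindow).on('loadstart', function(e) {
        var url = e.originalEvent.url;
        // Match only the token value; other parameters may follow it
        var match = /[#?&]access_token=([^&]+)/.exec(url);
        var access_token = match ? match[1] : null;
        ...
    });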
    

    Full code here: https://github.com/krisrak/jquery-cordova-oauth2

    0 Discussion (0)
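The URL check described in the answer above, written out as an added example (not code from the answer or from the linked repository). It accepts only the registered redirect_uri, reads the RFC 6749 section 4.2.2 parameters from the fragment, and fails closed on a missing or mismatched `state`; the function name, the result shape and the sample values are assumptions made for illustration.

```javascript
// Added example: strict parsing of an implicit-grant redirect in a webview
// navigation handler. REDIRECT_URI is the dummy URL used in the answer.
const REDIRECT_URI = 'http://localhost/redirect/';

// Returns null for unrelated navigations, otherwise { ok, ... }.
// expectedState is the random value the app sent in the authorization request.
function parseImplicitRedirect(url, expectedState) {
  if (typeof url !== 'string') return null;

  // Only the exact registered redirect URI counts; a login page whose query
  // string merely contains "access_token=" must not be treated as a result.
  const base = url.split(/[?#]/)[0];
  if (base !== REDIRECT_URI) return null;

  // The implicit grant returns its parameters in the fragment, not the query.
  const hashAt = url.indexOf('#');
  if (hashAt === -1) return { ok: false, error: 'missing_fragment' };
  const params = new URLSearchParams(url.slice(hashAt + 1));

  // Reject responses that do not echo the state this app generated.
  if (params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch' };
  }

  // Error responses arrive on the same redirect (RFC 6749 section 4.2.2.1).
  if (params.has('error')) return { ok: false, error: params.get('error') };

  const accessToken = params.get('access_token');
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (!accessToken || tokenType !== 'bearer') {
    return { ok: false, error: 'invalid_response' };
  }

  // expires_in is optional; report null when absent or not a positive number.
  const seconds = Number(params.get('expires_in'));
  const expiresIn = Number.isFinite(seconds) && seconds > 0 ? seconds : null;
  return { ok: true, accessToken, expiresIn };
}

// Constructed sample redirect, for illustration only.
const sample = REDIRECT_URI +
  '#access_token=abc123&token_type=bearer&expires_in=3600&state=s1';
console.log(parseImplicitRedirect(sample, 's1'));
```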
  • 2021-02-10 07:02

    The implicit grant type isn't well suited for mobile apps. This is what the corresponding RFC (RFC 6749) has to say about it:

    The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript.

    For a mobile app, you're better off with the Resource Owner Password Credentials flow if you're making the official app for your own service, or the Authorization Code flow if you're accessing a third-party web service.

    0 Discussion (0)