Reputation: 11037
I have created the SDK and now want to integrate OAuth for the authentication process. I want to do the same as the Facebook SDK does: if the client app is already installed and logged in, it switches to that app, asks for permission and switches back to the app that wants to authorise it. If the client app is not there, it will open the web page, ask for permission on login and then redirect to my app after login.
We have implemented OAuth on the server but are not sure which grant_type we will use to achieve the above functionality. We cannot store the password in the client app.
Let me know if anyone has an idea how to achieve this functionality and implement the same flow as other SDKs (Facebook, Twitter) do.
Upvotes: 2
Views: 469
Reputation: 5742
I think you already answered your own question when you said "I want to do same as Facebook SDK does".
The Facebook SDK provides the framework for detecting if the Facebook application is installed in order to avoid signing up through a WebView interface. Google also provides an authentication and authorization API through Google+ Sign-In instead of a browser. As you can see:
the documentation suggests using the right device infrastructure rather than the system browser.
According to this post, it is possible to check programmatically if an application is installed. For Android, I think that both SDKs check if their related apps are installed when you trigger the sign up/in/out process and invoke the system browser if necessary.
Thus, in order to provide a generic OAuth 2.0, you also could do the same programmatically, but I guess that drilling into this information, picking the right application, and launching it won't be an easy task.
Upvotes: 0
Reputation: 11037
For mobile based apps use the following URL for authentication:
    POST https://api.example.com/token
      grant_type=authorization_code&
      code=AUTH_CODE_HERE&
      redirect_uri=REDIRECT_URI&
      client_id=CLIENT_ID
Pass the authentication code from the app if the user is logged in; if the user is not logged in, first navigate to the login page, and on successful login the authorization page comes as usual. NOTE: It might be insecure as we are sending the code in a query param, but doing it in a request over SSL enhances security.
For browser authentication:

    https://example.com/auth?response_type=token&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=photos

where authentication picks up the login session if the user is already logged in.
Upvotes: 2
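Added example, not part of the question or either answer: the authorization_code exchange discussed above, as a client with no stored secret would run it with a `state` check and PKCE (RFC 7636), which goes beyond what the answers cover. It assumes the authorization server supports PKCE; `REDIRECT_URI` and the function names are constructed for illustration, and the endpoints and `photos` scope are the placeholders from the answer.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://example.com/auth"            # placeholder from the answer
TOKEN_ENDPOINT = "https://api.example.com/token"      # placeholder from the answer
REDIRECT_URI = "com.example.sdkdemo:/oauth2redirect"  # assumed app-claimed URI

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def challenge_for(verifier: str) -> str:
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def start_login(client_id: str, scope: str):
    """Return (authorization URL, session). The session stays in app memory."""
    session = {"state": _b64url(secrets.token_bytes(16)),
               "verifier": _b64url(secrets.token_bytes(32))}  # 43 characters
    query = urlencode({
        "response_type": "code",  # code flow, so no token travels in the redirect
        "client_id": client_id, "redirect_uri": REDIRECT_URI, "scope": scope,
        "state": session["state"],
        "code_challenge": challenge_for(session["verifier"]),
        "code_challenge_method": "S256"})
    return f"{AUTH_ENDPOINT}?{query}", session

def finish_login(redirect_url: str, session: dict, client_id: str) -> dict:
    """Validate the redirect, then build the form body to POST to TOKEN_ENDPOINT."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0].encode()
    if not hmac.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: redirect is not for this login attempt")
    if "code" not in params:
        raise ValueError("redirect carried no authorization code")
    # The code goes in the POST body with the verifier, never in a query string.
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": REDIRECT_URI, "client_id": client_id,
            "code_verifier": session["verifier"]}

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The check a PKCE-aware token endpoint makes before issuing tokens."""
    computed = challenge_for(presented_verifier).encode()
    return hmac.compare_digest(computed, stored_challenge.encode())
```

An authorization code captured by another app that claims the same redirect URI is useless at the token endpoint without the verifier, which never leaves the original app.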