Reputation: 677
I'm developing an iOS application for a website using OpenID Connect for authentication. So I came across AppAuth. But I need the authentication to be made using my own interface, not from the browser. Is there a way to achieve this using AppAuth? Or is there another library that can help me achieve this goal?
I came across some answers in SO like: Does OpenID Connect support the Resource Owner Password Credentials grant? and Oauth2 flow without redirect_uri. But I need to know if I can achieve this using AppAuth.
Thank you.
Upvotes: 4
Views: 1089
Reputation: 316
Original text from https://github.com/openid/AppAuth-iOS at the end of the Readme.
"You don't need to stop with the included external user agents either! Since the OIDExternalUserAgent protocol is part of AppAuth's public API, you can implement your own versions of it. In the above example, userAgent = [OIDExternalUserAgentIOSCustomBrowser CustomBrowserChrome] would be replaced with an instantiation of your user-agent implementation."
Upvotes: -1
Reputation: 29208
One of the goals of OAuth is to avoid the app seeing the password. AppAuth is focused on externalising authentication from the app in this manner.
ROPC will give you the behaviour you want, but it is deprecated. E.g. OAuth 2.1 implementations will no longer support it.
AppAuth is tricky to implement - I have a blog post and code sample you can quickly run if interested - to understand goals. Once done though, you have good security and usability.
Could you say why you want the above behaviour? Sometimes stakeholders ask for things without understanding all the issues. It is worth informing them of pros and cons of such choices.
Upvotes: 4