[aerogear-dev] OAuth2 with native Broswer in Android

Christos Vasilakis cvasilak at gmail.com
Thu Apr 30 13:25:10 EDT 2015

On Thu, Apr 30, 2015 at 6:04 PM, Summers Pittman <supittma at redhat.com>

> In Android I have a solution for using the native browser to perform an
> OAuth2 sign in.  There are some limititions however.
> In general to use this you need an activity which has an intent filter to
> consume the redirect URL.  This works best if you use a custom URI scheme.
> Google, Yahoo, and Facebook (as well as other I'm sure) only allow
> redirects to http or https.  This means that unless you are using a third
> party to redirect a custom schema the browser my preempt your application
> and consume the redirect.  Other services such as KeyCloak and Spotify
> allow custom schemas and these work perfectly with my solution.
> If we document the limitations of the Intent and when using an Intent vs
> using a WebView is appropriate, is a solution with these limitations
> adequate? I think it is.


since generic OAuth2 provider is the goal, the intricacies of some should
not interfere with the “correct” spec flow.

interesting enough, in the iOS side of things the Bundle_ID can be used as
the prefix in the redirect_uri registration and works correctly. Now why
the Android 'Package name’ can’t be used similarly here is a mystery. Oh


> Thoughts?
> Summers
> PS: a link to my poc :
> https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/
> PPS:  You can use this on the KeyCloakHelper in Shoot and Share by adding
> `setWithIntent(true)` to the configuration in that class.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150430/e77159cc/attachment.html 

More information about the aerogear-dev mailing list