[aerogear-dev] OAuth2 with native Broswer in Android

Thu Apr 30 13:25:10 EDT 2015

On Thu, Apr 30, 2015 at 6:04 PM, Summers Pittman <supittma at redhat.com>
wrote:

> In Android I have a solution for using the native browser to perform an
> OAuth2 sign in.  There are some limititions however.
>
> In general to use this you need an activity which has an intent filter to
> consume the redirect URL.  This works best if you use a custom URI scheme.
> Google, Yahoo, and Facebook (as well as other I'm sure) only allow
> redirects to http or https.  This means that unless you are using a third
> party to redirect a custom schema the browser my preempt your application
> and consume the redirect.  Other services such as KeyCloak and Spotify
> allow custom schemas and these work perfectly with my solution.
>
> If we document the limitations of the Intent and when using an Intent vs
> using a WebView is appropriate, is a solution with these limitations
> adequate? I think it is.
>

+1

since generic OAuth2 provider is the goal, the intricacies of some should
not interfere with the “correct” spec flow.

btw
interesting enough, in the iOS side of things the Bundle_ID can be used as
the prefix in the redirect_uri registration and works correctly. Now why
the Android 'Package name’ can’t be used similarly here is a mystery. Oh
well..

-
Christos

> Thoughts?
>
> Summers
>
> PS: a link to my poc :
> https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/
> PPS:  You can use this on the KeyCloakHelper in Shoot and Share by adding
> `setWithIntent(true)` to the configuration in that class.
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150430/e77159cc/attachment.html 