[aerogear-dev] OAuth2 VK.com

Fri Mar 20 10:12:28 EDT 2015

Hi Denis

Taking a closer look, VK.com implement the “client credential grant” OAuth2 flow.
We don’t support it yet in ag-ios-oauth2 but there is a JIRA ticket for it [1] and [2] for its demo (planned for 2.4.0 release - end of May). 

Here is a short explantion of the Oauth2 grant flow (extracted from one of my blog):
Four different flows are part of the spec, you can group them in two different families: 
- 3-legged flow: where end-user need to grant permission. The _implicit grant_ is for browser-based app not capable of keeping tokens secure. The _authorization code grant_ which generates an access and (optionally a refresh token) is for client capable of keeping secret.
- 2-legged flow: where the credentials are given to the app. The key difference, compared to 3 legged-flow, is that the consumer is not requesting access to any user data.  Instead, it is creating an account with the service provider with no previous data in it at all, therefore the grant flow can be skipped.

Here is the challenge: would you like to do the PR for this jira?
I’ll be glad to help you to implement client credential grant for aerogear-ios-oauth2 lib.

++
Corinne
[1] https://issues.jboss.org/browse/AGIOS-191
[2] https://issues.jboss.org/browse/AGIOS-196

> On 20 Mar 2015, at 14:24, Corinne Krych <corinnekrych at gmail.com> wrote:
> 
> Hello Denis,
> 
> I’ve just submitted a PR to support web view, but you still need a custom URL for it[1].
> 
> Googling around I found:
> https://vk.com/dev/ios_sdk
> https://github.com/VKCOM/vk-ios-sdk
> It seems VK is using same convention that Facebook:  Enter vk+APP_ID for the custom url
> 
> ++
> Corinne
> [1] https://github.com/aerogear/aerogear-ios-oauth2/pull/25
> 
>> On 20 Mar 2015, at 09:39, Денис Карпенко <banddk1 at gmail.com> wrote:
>> 
>> Thank you Summers and Corinne, 
>> Safari opens URL and I suppose it can be problem ) However I'll try to make something with WebView)
>> 
>> Denis.
>> 
>> 2015-03-19 22:29 GMT+03:00 Corinne Krych <corinnekrych at gmail.com>:
>> It's worth investigating on UIWebView indeed, i'll give a go tomorrow as i'm working on AGIOS-414 provide webview option.
>> ++
>> Corinne
>> 
>> On Thursday, March 19, 2015, Summers Pittman <supittma at redhat.com> wrote:
>> On Android the webview dialog checks the address before it makes the request and if it matches the redirect will forward the codes back to the application.  Perhaps you could use something similar for the other platforms?
>> 
>> On Thu, Mar 19, 2015 at 12:59 PM, Денис Карпенко <banddk1 at gmail.com> wrote:
>> Hello everyone,
>> I am trying to add special config for VK in OAuth2 library, but I get stuck in a rut. VK doesn't allow   make redirect URI without ( http:// or https://) so I can't send authorization token into application using URL schemes( because I need use something like "applicationName://". Did anyone encounter a similar problem ? How can I solve this problem?
>> 
>> P.S VK also doesn't have refresh tokens. VK begins to to irritate me :)
>> 
>> Denis.
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 