<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 30, 2015 at 6:04 PM, Summers Pittman <span dir="ltr"><<a href="mailto:supittma@redhat.com" target="_blank">supittma@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">In Android I have a solution for using the native browser to perform an OAuth2 sign in. There are some limititions however.<div><br></div><div>In general to use this you need an activity which has an intent filter to consume the redirect URL. This works best if you use a custom URI scheme. Google, Yahoo, and Facebook (as well as other I'm sure) only allow redirects to http or https. This means that unless you are using a third party to redirect a custom schema the browser my preempt your application and consume the redirect. Other services such as KeyCloak and Spotify allow custom schemas and these work perfectly with my solution.</div><div><br></div><div>If we document the limitations of the Intent and when using an Intent vs using a WebView is appropriate, is a solution with these limitations adequate? I think it is.</div></div></blockquote><div><br></div><div>+1 </div><div><br></div><div>since generic OAuth2 provider is the goal, the intricacies of some should not interfere with the “correct” spec flow.</div><div><br></div><div>btw</div><div>interesting enough, in the iOS side of things the Bundle_ID can be used as the prefix in the redirect_uri registration and works correctly. Now why the Android 'Package name’ can’t be used similarly here is a mystery. Oh well..</div><div><br></div><div>-</div><div>Christos</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>Thoughts?</div><div><br></div><div>Summers</div><div><br></div><div>PS: a link to my poc : <a href="https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/" target="_blank">https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/</a></div><div>PPS: You can use this on the KeyCloakHelper in Shoot and Share by adding `setWithIntent(true)` to the configuration in that class.</div><div><br></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>