implement the “client credential grant” OAuth2 flow.
We don’t support it yet in ag-ios-oauth2 but there is a JIRA ticket for it [1] and [2] for
its demo (planned for 2.4.0 release - end of May).
Here is a short explantion of the Oauth2 grant flow (extracted from one of my blog):
Four different flows are part of the spec, you can group them in two different families:
- 3-legged flow: where end-user need to grant permission. The _implicit grant_ is for
browser-based app not capable of keeping tokens secure. The _authorization code grant_
which generates an access and (optionally a refresh token) is for client capable of
keeping secret.
- 2-legged flow: where the credentials are given to the app. The key difference, compared
to 3 legged-flow, is that the consumer is not requesting access to any user data.
Instead, it is creating an account with the service provider with no previous data in it
at all, therefore the grant flow can be skipped.
Here is the challenge: would you like to do the PR for this jira?
I’ll be glad to help you to implement client credential grant for aerogear-ios-oauth2
lib.
++
Corinne
[1]
On 20 Mar 2015, at 14:24, Corinne Krych
<corinnekrych(a)gmail.com> wrote:
Hello Denis,
I’ve just submitted a PR to support web view, but you still need a custom URL for it[1].
Googling around I found:
https://vk.com/dev/ios_sdk
https://github.com/VKCOM/vk-ios-sdk
It seems VK is using same convention that Facebook: Enter vk+APP_ID for the custom url
++
Corinne
[1]
https://github.com/aerogear/aerogear-ios-oauth2/pull/25
> On 20 Mar 2015, at 09:39, Денис Карпенко <banddk1(a)gmail.com> wrote:
>
> Thank you Summers and Corinne,
> Safari opens URL and I suppose it can be problem ) However I'll try to make
something with WebView)
>
> Denis.
>
> 2015-03-19 22:29 GMT+03:00 Corinne Krych <corinnekrych(a)gmail.com>:
> It's worth investigating on UIWebView indeed, i'll give a go tomorrow as
i'm working on AGIOS-414 provide webview option.
> ++
> Corinne
>
> On Thursday, March 19, 2015, Summers Pittman <supittma(a)redhat.com> wrote:
> On Android the webview dialog checks the address before it makes the request and if
it matches the redirect will forward the codes back to the application. Perhaps you could
use something similar for the other platforms?
>
> On Thu, Mar 19, 2015 at 12:59 PM, Денис Карпенко <banddk1(a)gmail.com> wrote:
> Hello everyone,
> I am trying to add special config for VK in OAuth2 library, but I get stuck in a rut.
VK doesn't allow make redirect URI without ( http:// or https://) so I can't
send authorization token into application using URL schemes( because I need use something
like "applicationName://". Did anyone encounter a similar problem ? How can I
solve this problem?
>
> P.S VK also doesn't have refresh tokens. VK begins to to irritate me :)
>
> Denis.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev