On Thu, Apr 30, 2015 at 6:04 PM, Summers Pittman <supittma(a)redhat.com&gt; wrote: > In Android I have a solution for using the native browser to perform an > OAuth2 sign in. There are some limititions however. > > In general to use this you need an activity which has an intent filter to > consume the redirect URL. This works best if you use a custom URI scheme. > Google, Yahoo, and Facebook (as well as other I'm sure) only allow > redirects to http or https. This means that unless you are using a third > party to redirect a custom schema the browser my preempt your application > and consume the redirect. Other services such as KeyCloak and Spotify > allow custom schemas and these work perfectly with my solution. > > If we document the limitations of the Intent and when using an Intent vs > using a WebView is appropriate, is a solution with these limitations > adequate? I think it is. > +1 since generic OAuth2 provider is the goal, the intricacies of some should not interfere with the “correct” spec flow. btw interesting enough, in the iOS side of things the Bundle_ID can be used as the prefix in the redirect_uri registration and works correctly. Now why the Android 'Package name’ can’t be used similarly here is a mystery. Oh well.. - Christos > Thoughts? > > Summers > > PS: a link to my poc : > https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/ > PPS: You can use this on the KeyCloakHelper in Shoot and Share by adding > `setWithIntent(true)` to the configuration in that class. > > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev > _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev