Hello,
For the Aerogear iOS OAuth2 library, does it support cross-client
authorization as documented here:
https://developers.google.com/identity/protocols/CrossClientAuth? I have a
project configured in the Google Developers console with two OAuth2 client
IDs. I'd like to have my iOS app send a token request that contains both
client IDs (one in the client_id field and another in the audience field)
and receive a token that has the server_code field which I would then send
to my web app to get it's own refresh/access tokens. Example requests below.
Token request:
audience <web app client
ID>.apps.googleusercontent.com
client_id <iOS app client
ID>.apps.googleusercontent.com
code 4/qmOAPMYafdJ1Qs14o6wK9Ok_p4bhkzjab72wwLtLg5A
grant_type authorization_code
redirect_uri com.googleusercontent.apps.<iOS app client ID>:/oauth2callback
verifier 81803532
Token response:
access_token String
ya29.NgL_Yz4eECZQR0aHbrYh5_A06Rif_dQYxBLXXZLm5OQiInwKGcKI8Nd2PhxLNtV-XzoQ
token_type String Bearer
expires_in Integer 3600
refresh_token String
1/4aumZ1PQ00zk4xrc4W-xgjMIHA1GnDtpmc17Fopx9-RIgOrJDtdun6zK6XiATCKT
server_code String 4/qz-ClSW_wudBxj5H7cCFhaNDYQQrtcytAokQje_XKf0 <----
NEW!
id_token String eyJhbGciOiJSUzI1NiIsImtpZCI6...
Best,
Michael Doo