[aerogear-dev] OAuth2 with native Broswer in Android
Corinne Krych
corinnekrych at gmail.com
Mon May 4 04:24:21 EDT 2015
+1
On 30 April 2015 at 19:25, Christos Vasilakis <cvasilak at gmail.com> wrote:
>
>
> On Thu, Apr 30, 2015 at 6:04 PM, Summers Pittman <supittma at redhat.com>
> wrote:
>
>> In Android I have a solution for using the native browser to perform an
>> OAuth2 sign in. There are some limititions however.
>>
>> In general to use this you need an activity which has an intent filter to
>> consume the redirect URL. This works best if you use a custom URI scheme.
>> Google, Yahoo, and Facebook (as well as other I'm sure) only allow
>> redirects to http or https. This means that unless you are using a third
>> party to redirect a custom schema the browser my preempt your application
>> and consume the redirect. Other services such as KeyCloak and Spotify
>> allow custom schemas and these work perfectly with my solution.
>>
>> If we document the limitations of the Intent and when using an Intent vs
>> using a WebView is appropriate, is a solution with these limitations
>> adequate? I think it is.
>>
>
> +1
>
> since generic OAuth2 provider is the goal, the intricacies of some should
> not interfere with the “correct” spec flow.
>
> btw
> interesting enough, in the iOS side of things the Bundle_ID can be used as
> the prefix in the redirect_uri registration and works correctly. Now why
> the Android 'Package name’ can’t be used similarly here is a mystery. Oh
> well..
>
> -
> Christos
>
>
>> Thoughts?
>>
>> Summers
>>
>> PS: a link to my poc :
>> https://github.com/secondsun/aerogear-android-authz/tree/AGDROID-319/
>> PPS: You can use this on the KeyCloakHelper in Shoot and Share by adding
>> `setWithIntent(true)` to the configuration in that class.
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20150504/db404c62/attachment.html
More information about the aerogear-dev
mailing list