[Aerogear-users] Cross-client auth support?

Michael Doo michael at 410labs.com
Wed Nov 25 12:32:36 EST 2015


For the Aerogear iOS OAuth2 library, does it support cross-client
authorization as documented here:
https://developers.google.com/identity/protocols/CrossClientAuth? I have a
project configured in the Google Developers console with two OAuth2 client
IDs. I'd like to have my iOS app send a token request that contains both
client IDs (one in the client_id field and another in the audience field)
and receive a token that has the server_code field which I would then send
to my web app to get it's own refresh/access tokens. Example requests below.

Token request:
audience  <web app client ID>.apps.googleusercontent.com
client_id <iOS app client ID>.apps.googleusercontent.com
code  4/qmOAPMYafdJ1Qs14o6wK9Ok_p4bhkzjab72wwLtLg5A
grant_type  authorization_code
redirect_uri  com.googleusercontent.apps.<iOS app client ID>:/oauth2callback
verifier  81803532

Token response:
access_token  String
token_type String  Bearer
expires_in  Integer 3600
refresh_token String
server_code String  4/qz-ClSW_wudBxj5H7cCFhaNDYQQrtcytAokQje_XKf0 <----
id_token String  eyJhbGciOiJSUzI1NiIsImtpZCI6...

Michael Doo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/attachments/20151125/aadc1c93/attachment.html 

More information about the Aerogear-users mailing list