-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get only authorizationCode on iOS #13
Comments
I experimented a little bit and only authorizationTokens and code flow make sense for this scenario. As the backend should access resources independently from the user a refresh token is needed in addition to the authorization token and this is only supported in code flow. |
Code flow with PKCE #4 should return refreshTokens. |
…seType is set to code automatically
As I see no way to retrieve the authorizationCode from oauthSwift I will stop working on this task for now and concentrate on PKCE. |
I need that task because OneDrive Api does not allow code flow on web apps. So the last call to the get accessToken and more important the refreshToken needs to be done on the server. |
@moberwasserlechner Thanks for sharing this great plugin! I'm working on a similar server code flow scenario where a Capacitor app lets the user authenticate with Dropbox or Google Drive to get an authorization code, and our server uses that code to get an accessToken and/or refreshToken. This way our server could transfer files directly from Dropbox/Google. For native apps, are you still planning to support getting the authorization code for iOS and Android? I noticed that oAuthSwift recently added support for this. Alternatively, would it make sense to set a redirect URL to the server and have the server capture the authorization code directly? I'm not sure if this approach would work for a native app and your plugin. I've got some learning/experimenting to do here and would like to avoid taking a web view approach. In any case thanks for sharing your plans about authorization codes. |
Yes I still plan to support it for all platforms. I guess you ask because I removed the labels. I only did that because its needed for all platforms, so I need less labeling ;). To your alternative: This is a common alternative it should work. Although I never tried it myself. But if this tasks does not work for my scenario this is the way I will go as well. |
Thanks for clarifying. I got it to work with the standard Capacitor Browser plugin by adding some special logic on the redirect URL page (on our server) to trigger a custom URI that loaded the app and included an authentication code as a parameter to the custom URI (so the app could read it on startup). This worked well overall, though with Android I found it was necessary to set it to a "singleTask" launch mode to avoid multiple instances of the app. Some more background on this approach at https://forum.getcapacitor.com/t/oauth2-auth-code-flow-w-capacitor-browser/266/9 Planning to add Google sign in and some other oAuth providers so expect to be using your plugin again soon. Thanks for sharing! |
Starting with v2.0.0 you can get the This - however - only works on the Web and Android. On iOS the used lib OAuthSwift does not give me the needed control over the flow to achieve this. |
Hello! Any updates on this? I have the same issue with Salesforce. As you describe on your first post I want to retrieve only the code in client and then handle the rest on the server side. Is there a workaround for this? Can I do something else to get the code on iOS? Thanks! |
Hello, I also need to only retrieve the access code using IOS. It seems there is a workaround, but you have to extend the OAuthSwift plugin |
Add |
Hello, I'm passing the authorization code to my backend server to obtain access token, but it is returning the error "unauthorized_client".
And here is the PHP code
The I would appreciate if someone can shed any light on the situation. |
Is there any progress on this? Me and a colleague tried to implement a workaround extending OAuthSwift inside this library, but couldn't get a working solution. @moberwasserlechner Do you have any suggestions we could try? |
Hi, I've implemented a solution to solve this problem. You can find my code in my fork => |
I need to support cloud storage providers like OneDrive, Google Drive, DropBox and so on.
The actual access to resources is handled by the backend, so only the authentication is done by to user on the client this results in the
authorizationCode
, which is sent to the backend. The backend performs the retrieval ofaccessToken
and most important therefreshToken
Unfortunately Code Flow with PKCE is no option because various OAuth providers support only native apps for this flow and web apps/PWAs are forced to use Implizit Flow. I need the refreshToken to access resources without the users interaction.
The text was updated successfully, but these errors were encountered: