How do I use the implicit grant type for mobile applications in OAuth 2.0?

Problem description:

I have read a tutorial regarding OAuth 2.0 and the implicit grant type. I still don't understand how the implicit grant type will work for mobile (iOS or Android). For example, if we create an SSO app (like Facebook) and make an SDK to give this service, does the SSO app contact the authorization server pragmatically or via a web view?

Also another point is that - implicit grant type requires you to send a Redirect URI. I understand that you can make a custom uri schema for iOS and do this. What I don't understand is how the authorization server calls a custom URI on the device.

For OAuth2 in mobile apps you can set your redirect_uri to some dummy URL like http://localhost/redirect/ and then use the webview's "onload" event to check the URL for access_token

For example, in iOS you can load the authorization URL in a webview and use a delegate method to check the redirect_uri for access_token like this:

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType {
    NSURL *Url = [request URL];
    ...
}

You can also do this in Phonegap app with HTML5/JavaScript using InAppBrowser:

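var loginWindow = window.open(login_url, '_blank', 'location=yes');
// 'loadstart' fires for every URL the InAppBrowser begins loading
$(loginWindow).on('loadstart', function(e) {
    var url = e.originalEvent.url;
    // Everything after "access_token=" (undefined when the parameter is absent)
    var access_token = url.split("access_token=")[1];
    ...
});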

Full code: https://github.com/krisrak/jquery-cordova-oauth2
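
Added example, not part of the original answer or the linked repository: a stricter version of the URL check described above, which matches the registered redirect_uri exactly, reads the response from the URL fragment, and rejects a response whose state does not match the one sent. The function name parseImplicitRedirect, the state value and the sample URL are assumptions constructed for illustration.

```javascript
// Hypothetical helper (not from the answer's code): decide whether a URL seen in
// a webview / InAppBrowser 'loadstart' event is our OAuth2 implicit-grant redirect.
const REDIRECT_URI = 'http://localhost/redirect/'; // dummy redirect_uri from the answer

// Constructed sample of what the authorization server redirects the webview to.
const SAMPLE_REDIRECT =
  'http://localhost/redirect/#access_token=tok123&token_type=bearer&expires_in=3600&state=st-1';

// Returns null when the URL is not our redirect; otherwise
// { ok: true, accessToken, tokenType, expiresIn } or { ok: false, error }.
function parseImplicitRedirect(rawUrl, redirectUri, expectedState) {
  let seen, registered;
  try {
    seen = new URL(rawUrl);
    registered = new URL(redirectUri);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  // Compare origin and path exactly. A substring test for "access_token=" would
  // also match an unrelated page that merely carries that text in its query.
  if (seen.origin !== registered.origin || seen.pathname !== registered.pathname) {
    return null;
  }
  // Implicit-grant responses are form-encoded in the fragment (RFC 6749, 4.2.2).
  const params = new URLSearchParams(seen.hash.replace(/^#/, ''));
  if (params.has('error')) {
    return { ok: false, error: params.get('error') };
  }
  // The state sent with the authorization request must come back unchanged,
  // otherwise the response was not produced by the login flow this app started.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch' };
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    return { ok: false, error: 'missing_access_token' };
  }
  return {
    ok: true,
    accessToken: accessToken, // only the token, without trailing "&token_type=..."
    tokenType: params.get('token_type'),
    expiresIn: Number(params.get('expires_in')) || null,
  };
}

const sampleResult = parseImplicitRedirect(SAMPLE_REDIRECT, REDIRECT_URI, 'st-1');
console.log(sampleResult);
```

In the InAppBrowser handler, a null result means the load is an ordinary page of the login flow and should be left alone; any non-null result is the point at which to close the window.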