Get only authorizationCode on iOS about generic-oauth2 HOT 14 OPEN

Is there any progress on this? Me and a colleague tried to implement a workaround extending OAuthSwift inside this library, but couldn't get a working solution. @moberwasserlechner Do you have any suggestions we could try?

from generic-oauth2.

Hi, I've implemented a solution to solve this problem. You can find my code in my fork =>
main...bertrand-sifre:capacitor-oauth2:main

from generic-oauth2.

I experimented a little bit and only authorizationTokens and code flow make sense for this scenario.

As the backend should access resources independently from the user a refresh token is needed in addition to the authorization token and this is only supported in code flow.

from generic-oauth2.

Code flow with PKCE #4 should return refreshTokens.

from generic-oauth2.

As I see no way to retrieve the authorizationCode from oauthSwift I will stop working on this task for now and concentrate on PKCE.

from generic-oauth2.

I need that task because OneDrive Api does not allow code flow on web apps. So the last call to the get accessToken and more important the refreshToken needs to be done on the server.

from generic-oauth2.

@moberwasserlechner Thanks for sharing this great plugin! I'm working on a similar server code flow scenario where a Capacitor app lets the user authenticate with Dropbox or Google Drive to get an authorization code, and our server uses that code to get an accessToken and/or refreshToken. This way our server could transfer files directly from Dropbox/Google.

For native apps, are you still planning to support getting the authorization code for iOS and Android? I noticed that oAuthSwift recently added support for this.

Alternatively, would it make sense to set a redirect URL to the server and have the server capture the authorization code directly? I'm not sure if this approach would work for a native app and your plugin. I've got some learning/experimenting to do here and would like to avoid taking a web view approach. In any case thanks for sharing your plans about authorization codes.

from generic-oauth2.

Yes I still plan to support it for all platforms.

I guess you ask because I removed the labels. I only did that because its needed for all platforms, so I need less labeling ;).

To your alternative: This is a common alternative it should work. Although I never tried it myself. But if this tasks does not work for my scenario this is the way I will go as well.

from generic-oauth2.

Thanks for clarifying. I got it to work with the standard Capacitor Browser plugin by adding some special logic on the redirect URL page (on our server) to trigger a custom URI that loaded the app and included an authentication code as a parameter to the custom URI (so the app could read it on startup).

This worked well overall, though with Android I found it was necessary to set it to a "singleTask" launch mode to avoid multiple instances of the app. Some more background on this approach at https://forum.getcapacitor.com/t/oauth2-auth-code-flow-w-capacitor-browser/266/9

Planning to add Google sign in and some other oAuth providers so expect to be using your plugin again soon. Thanks for sharing!

from generic-oauth2.

Starting with v2.0.0 you can get the code from the authorization request, if you do not provide the parameters accessTokenEndpoint and resourceUrl.

This - however - only works on the Web and Android. On iOS the used lib OAuthSwift does not give me the needed control over the flow to achieve this.

from generic-oauth2.

Hello! Any updates on this?

I have the same issue with Salesforce. As you describe on your first post I want to retrieve only the code in client and then handle the rest on the server side. Is there a workaround for this? Can I do something else to get the code on iOS?

Thanks!

from generic-oauth2.

Hello, I also need to only retrieve the access code using IOS.

It seems there is a workaround, but you have to extend the OAuthSwift plugin

OAuthSwift/OAuthSwift#400

from generic-oauth2.

Add authorization_response to the response when implementing this. See #154

from generic-oauth2.

Hello, I'm passing the authorization code to my backend server to obtain access token, but it is returning the error "unauthorized_client".
Here are the android options (Vuejs) code

android: {
        appId: capacitorConfig.plugins.GoogleAuth.androidClientId,
        responseType: 'code',
        redirectUrl: capacitorConfig.appId+':/',
        //resourceUrl: null,
        accessTokenEndpoint: '',
        additionalParameters:{
          access_type: 'offline',
          include_granted_scopes: true,
        },
      },

And here is the PHP code

$client = new Google_Client();

        $client->setClientId('WEB_CLIENT_ID.apps.googleusercontent.com');
        $client->setClientSecret('WEB_CLIENT_ID_SECRET');
       // $client->setRedirectUri('');
        $client->setAccessType('offline');
        //$client->setScopes($scope);
        $client->setState($state);
        $r = $client->fetchAccessTokenWithAuthCode($authCode);
        if(isset( $r['error']) && !empty( $r['error']) ){
            $response['message'] = $r['error'].' '.$r['error_description'];
            return $response;
        }

The appId: capacitorConfig.plugins.GoogleAuth.androidClientId, & $client->setClientId('WEB_CLIENT_ID.apps.googleusercontent.com'); belongs to the same google project, the difference is that one is for android and the other is for web client.

I would appreciate if someone can shed any light on the situation.

from generic-oauth2.