
What exactly is redirect_uri in Google OAuth2 request for getting authorization code in Mobile App?

According to the Mobile App Google documentation, there is a parameter named redirect_uri which is not clear to me. For example, in the Web App flow of Google OAuth2, the procedure is some communication between front-end, back-end, and google server. In fact, the backend prepares two endpoints: one for redirecting to the google auth page, which will be called by the frontend, and another endpoint, /oauth2callback, which will be called by the google server as the redirect_uri.

My question is, what's the redirect_uri in the Mobile App flow? Is it the same as my backend /oauth2callback, or does the Mobile App flow not need any backend part?


[NOTE]:

Actually, I am going to receive credential stuff from the mobile side including access_token, refresh_token, etc, into the backend and store it into the db and use it for calling google API on the server side.


[UPDATE]

Here's the flow I've implemented:

[Image: diagram of the implemented flow]

The redirect uri is actually not differentiated by whether it's backend or frontend.

When you create authz credentials in Google, you're supposed to define the redirect method and the uri itself. Here's the type google suggests from the doc you linked:

Custom URI scheme (Android, iOS, UWP) A custom URI scheme is recommended for Android apps, iOS apps, and Universal Windows Platform (UWP) apps.

The uri scheme tells the OS that when it sees a matching url, open a particular app (rather than the browser).

Obviously, if you're using the mobile phone's web browser for the flow, then you needn't worry about the custom scheme. This is even the preferred method in the native apps RFC.

I think what you want to achieve can be done in the following way:

Implement the Authorization Request on the Mobile app, and set redirect_uri in a way that redirects back to your app, i.e. claim that url with your app. When you get the auth code in your app, send that auth code to your backend, and do the token request from your backend. That way, you'll have all tokens on the backend.

The flow is:

  1. Authorization Request from mobile app to OAuth provider (e.g. Google).
  2. Google responds with auth_code to your mobile app.
  3. Send that auth_code to backend (this is your own Token Request route).
  4. Do the Token Request on backend with the auth_code and get access_token and refresh_token -- here you have the possibility to store it.
  5. Respond to the mobile app with the desired token so it can use it for authentication/authorization.
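The five steps above, written out as an added example that is not part of the question or the answer: the device builds the authorization request with a custom-scheme redirect_uri and parses the redirect it gets back, and the backend receives the code, does the token request against Google's token endpoint, keeps the refresh_token in its own store and returns only the short-lived access_token to the app. PKCE (RFC 7636) is included because the native apps RFC the answer mentions recommends it; the answer itself does not discuss it. CLIENT_ID, REDIRECT_URI, the user id, and the sample code and token values are placeholders; the `transport` parameter exists so the exchange can be driven offline with a fake Google.

```python
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

# Placeholder values (not real credentials); a deployment uses the client ID and the
# custom-scheme redirect URI registered for the app in the Google Cloud console.
CLIENT_ID = "PLACEHOLDER_CLIENT_ID.apps.googleusercontent.com"
REDIRECT_URI = "com.example.app:/oauth2redirect"
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses for PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier: str = "") -> tuple:
    """Step 1 (device): code_verifier stays on the phone, the S256 challenge goes to Google."""
    verifier = verifier or _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(state: str, code_challenge: str, scope: str) -> str:
    """Step 1 (device): the URL the app opens in the system browser."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,      # the custom scheme the app has claimed with the OS
        "scope": scope,
        "state": state,                    # echoed back so the redirect can be tied to this request
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "access_type": "offline",          # ask for a refresh_token, which the backend will keep
    }
    return AUTH_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Step 2 (device): the OS hands the app the custom-scheme URL; extract the auth code."""
    got, want = urllib.parse.urlsplit(redirect_url), urllib.parse.urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect did not arrive on the registered redirect_uri")
    query = urllib.parse.parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    return query["code"][0]


def build_token_request(auth_code: str, code_verifier: str, client_secret: str = "") -> dict:
    """Step 4 (backend): form fields of the authorization_code grant."""
    fields = {
        "grant_type": "authorization_code",
        "code": auth_code,
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,   # must equal the value used in step 1 (RFC 6749 s4.1.3)
        "code_verifier": code_verifier,
    }
    if client_secret:                   # Android/iOS client types have no secret; web types do
        fields["client_secret"] = client_secret
    return fields


def google_transport(fields: dict) -> dict:
    """Real HTTP POST to Google's token endpoint (the offline test injects a fake instead)."""
    data = urllib.parse.urlencode(fields).encode("ascii")
    req = urllib.request.Request(TOKEN_ENDPOINT, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenStore:
    """Backend-side token storage keyed by your own user id (in-memory stand-in for the db)."""

    def __init__(self):
        self._rows = {}

    def save(self, user_id: str, tokens: dict) -> None:
        self._rows[user_id] = dict(tokens)

    def refresh_token_for(self, user_id: str):
        return self._rows[user_id].get("refresh_token")


def handle_mobile_token_request(payload: dict, user_id: str, store: TokenStore,
                                transport=google_transport) -> dict:
    """Steps 3-5 (backend): take {code, code_verifier} from the app, exchange, store, respond."""
    fields = build_token_request(payload["code"], payload["code_verifier"])
    tokens = transport(fields)
    if "access_token" not in tokens:
        raise RuntimeError("token exchange failed: " + json.dumps(tokens))
    store.save(user_id, tokens)   # refresh_token never leaves the backend
    return {"access_token": tokens["access_token"], "expires_in": tokens.get("expires_in")}


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    print(build_authorization_url(state=secrets.token_urlsafe(16),
                                  code_challenge=challenge, scope="openid email"))
```

The device must send the code_verifier along with the code in step 3, because the token request in step 4 has to carry it; the backend never sees the challenge, only the verifier, and Google does the comparison. Checking `state` in step 2 is what stops a redirect that belongs to a different authorization request from being accepted by the app.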
