
Create a companion server that handles authorization_code flows

Open edjiang opened this issue 8 years ago • 9 comments

We can't implement Twitter, GitHub, LinkedIn, Slack, or other login types because we can't do authorization_code grants without a client secret. Client secrets are fundamentally insecure on mobile clients, so we need to create a companion server to help with the authentication request.

edjiang avatar May 19 '16 00:05 edjiang
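
The companion-server exchange described in the post above, as an added example that is not part of the original thread and is not Simplicity or Implicity code. The provider name, token URL, credentials, redirect URI and function names are all constructed for illustration; the HTTP call is injected so the block runs offline.

```javascript
// Added example: the app sends only the authorization code; the server adds
// the client secret and performs the token exchange. All values are constructed.
const PROVIDERS = {
  exampleprovider: {
    tokenUrl: "https://provider.example/oauth/token",
    clientId: "constructed-client-id",
    // Lives only in server configuration, never shipped inside the app.
    clientSecret: process.env.EXAMPLE_CLIENT_SECRET || "constructed-secret",
    redirectUris: ["com.example.app:/oauth2redirect"],
  },
};

// Build the form-encoded token request sent from the server to the provider.
function buildTokenRequest(providerName, { code, redirectUri }) {
  // Own-property lookup so names like "__proto__" cannot resolve to anything.
  const known = Object.prototype.hasOwnProperty.call(PROVIDERS, providerName);
  if (!known) throw new Error("unknown provider");
  const p = PROVIDERS[providerName];
  if (typeof code !== "string" || code.length === 0) throw new Error("missing code");
  // Only exchange codes issued for a redirect URI registered for this app.
  if (!p.redirectUris.includes(redirectUri)) throw new Error("redirect_uri not allowed");
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_id: p.clientId,
    client_secret: p.clientSecret,
  });
  return { url: p.tokenUrl, body: body.toString() };
}

// Exchange the code. `httpPost(url, body)` is a hypothetical injected function
// that performs the HTTPS POST and resolves to the parsed JSON response.
async function exchangeCode(providerName, params, httpPost) {
  const { url, body } = buildTokenRequest(providerName, params);
  const res = await httpPost(url, body);
  if (!res || typeof res.access_token !== "string") throw new Error("token exchange failed");
  // Hand back only what the app needs; the secret and raw response stay server-side.
  return { access_token: res.access_token, token_type: res.token_type || "bearer" };
}
```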

Do you see the server being one, single server that manages everyone's tokens? Or a separate codebase that developers could stand up on their own? If the latter, what language do you think you will be implementing the server in?

joemasilotti avatar May 21 '16 09:05 joemasilotti

I definitely want to do both, but I haven't planned exactly the approach I'd be taking.

If it's self-hosted, that reduces complexity of writing code but may be less convenient to use. If it's hosted, it'd be more convenient to use but it'll be more work to write, and open-sourcing it would be less useful since there'd be more work to get it set up.

I'd love to hear your thoughts though -- what would you find more useful?

I'll be writing it in Node.js.

edjiang avatar May 21 '16 17:05 edjiang

@edjiang Why don't you make client secret parameter optional? For those who want to take the risk?

onmyway133 avatar May 25 '16 14:05 onmyway133

@onmyway133 so, I looked at it a bit more and realized that client_secret actually isn't required as per the OAuth spec for the Authorization Code grant type, so what I'm going to do is:

  1. Implement the authorization_code grant type as per spec.
  2. Keep it extensible so people can implement it with the client_secret if they want to.
  3. Get the server-side component out asap, and make it hosted!

edjiang avatar May 27 '16 02:05 edjiang

As an update: work on Implicity, the server-side component to Simplicity, has started!

I'm going to be at WWDC / Altconf festivities over the next week, so not sure what velocity I'll be getting, but @saimaddali will be joining me to help build out Implicity!

https://github.com/SimplicityMobile/Implicity

edjiang avatar Jun 13 '16 05:06 edjiang

How is it going? I would love to see Twitter supported by your Lib.

quiKsilverItaly avatar Nov 08 '16 22:11 quiKsilverItaly

Unfortunately, I've been working on a lot of other stuff recently, so I don't think this will get done in the near future :(

edjiang avatar Nov 08 '16 23:11 edjiang

+1

kakubei avatar Feb 21 '17 17:02 kakubei

+1

nick-iCars avatar Feb 13 '18 23:02 nick-iCars