
Mobile App Flow

Open Scuottolinx opened this issue 4 years ago • 3 comments

Hi, I would need to run this flow:

  • mobile application, requires access by username and password, for all scopes (read, write, delete, update)
  • the server responds with the authorization token
  • the app will always use that token to identify the person logged in

How could I configure this flow?

Thanks a lot

Scuottolinx, Dec 11 '20 07:12

You could easily do that flow by using the password grant_type and setting the scope to empty (by default it will allow all scopes).

With that, you'll have to store the access_token and refresh_token from the response.

froozeify, Dec 11 '20 14:12

Thank you so much for the answer, I thought about it, but you confirmed it.

So, that's perfect, but what client_id do I give them? A public client_id? Does it have to generate one per user? (As far as I understand, I don't.) Thanks a lot.

Scuottolinx, Dec 12 '20 10:12

Since it's a mobile app, you should probably use an authorization_code grant type as specified by OAuth.

You'll have to generate your client_id from the command line.

froozeify, Dec 12 '20 19:12
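
An added example, not part of the thread or of the bundle's own code: the authorization_code flow suggested above as a mobile app (a public client that holds no client_secret) would run it, using PKCE from RFC 7636. The authorize URL, client_id and redirect URI are placeholder assumptions, as is the server accepting PKCE for this client.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration only; none of them come from the thread.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "mobile-app-public-client"
REDIRECT_URI = "com.example.app:/oauth2redirect"

def new_code_verifier() -> str:
    """High-entropy verifier; 32 random bytes give 43 URL-safe characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def authorization_request(verifier: str, state: str) -> str:
    """URL the app opens in the system browser to start the flow."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def token_request_body(redirect_url: str, expected_state: str, verifier: str) -> str:
    """Validate the redirect, then build the form body for the token endpoint."""
    query = parse_qs(urlsplit(redirect_url).query)
    returned_state = query.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this login")
    if "code" not in query:
        raise ValueError("no authorization code: " + query.get("error", ["unknown"])[0])
    return urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,  # public client: no client_secret is sent
        "redirect_uri": REDIRECT_URI,
        "code": query["code"][0],
        "code_verifier": verifier,  # server hashes this and compares to the challenge
    })
```

The verifier and state stay in the app's memory for the duration of one login; only the challenge and state travel in the browser URL.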