This approach is what we've implemented in a few places, most notably on
the hReader iOS app (code is in some branch or fork of
https://github.com/projecthreader/hReader, I'm told it's going to be
pulled into that main branch soon though). Here we pre-register the
hReader app with a single redirect URI of hreader://oauth (or something
along those lines) and use that as the callback. We also use the system
browser as opposed to embedding a web form view, as there are several
potential security and usability problems when using an embedded browser
that range from loss of session management to the embedded browser
leaking the credentials to the client app (which is exactly what OAuth
is trying to avoid, after all).
-- Justin
On 03/25/2013 07:51 AM, Brian Campbell wrote:
This little presentation from last year talks about OAuth & mobile. In
a nutshell, it discusses using the authorization code grant and a
redirect uri with a custom scheme.
http://www.slideshare.net/briandavidcampbell/is-that-a-token-in-your-phone-in-your-pocket-or-are-you-just-glad-to-see-me-oauth-20-and-mobile-devices
On Sun, Mar 24, 2013 at 1:47 PM, Security Developer
<security.develope...@gmail.com> wrote:
Hi,
Can anybody please help in describing the OAuth flow for mobile
applications?
Thanks for your time.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
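
The authorization code flow with a pre-registered custom-scheme redirect URI, as discussed in this thread, sketched as an added example that is not part of the original messages or the hReader code base. Only the redirect URI `hreader://oauth` comes from the thread; the authorization endpoint, the `client_id`, and the use of a `state` value to bind the callback to the request are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Redirect URI as named in the thread; endpoint and client_id are hypothetical.
REGISTERED_REDIRECT_URI = "hreader://oauth"
AUTHZ_ENDPOINT = "https://as.example.com/authorize"
CLIENT_ID = "hreader-ios-example"


def build_authorization_url():
    """Return (url, state) for the request the app opens in the system browser."""
    state = secrets.token_urlsafe(32)  # unguessable value tying callback to request
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REGISTERED_REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHZ_ENDPOINT}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the URL the OS hands back to the app; return the authorization code."""
    got = urlsplit(callback_url)
    want = urlsplit(REGISTERED_REDIRECT_URI)
    # The OS delivers any hreader:// URL, whoever opened it, so require an
    # exact match with the registered redirect URI before reading parameters.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])
    if len(state) != 1 or not hmac.compare_digest(
            state[0].encode(), expected_state.encode()):
        raise ValueError("state missing or does not match the pending request")
    if "error" in params:
        raise ValueError("authorization server returned: " + params["error"][0])
    code = params.get("code", [])
    if len(code) != 1:
        raise ValueError("exactly one authorization code expected")
    return code[0]  # exchanged at the token endpoint by the app, not the browser
```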