I'm trying to get a sample web application working using OAuth 2 for security that accepts IOS clients and am having a bit of trouble.

Browser Client

Using the node.js/passport example code from I added my Google client ID + secret (https://code.google.com/apis/console). Works great - all I had to do was make the redirect URI point at my server's authorization callback.

IOS Client

Using the same server-side code as above, and the gtm-oauth2 library for IOS, I've had some trouble. I created a client ID for installed applications per Google's instructions, and modified the server to use those and added them to the ios app. The app is able to get to the Google sign-in page, but on redirect gives an error (which makes sense, because I didn't change the redirect uri).

Google gives me two options for the redirect URI:

  1. urn something or other
  2. localhost

The server requires some sort of redirect, but subbing in the IOS redirect URIs is not working, and it doesn't seem like they should given that the server needs to have a certain URI called for validation:

passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {

      // To keep the example simple, the user's Google profile is returned to
      // represent the logged-in user.  In a typical application, you would want
      // to associate the Google account with a user record in your database,
      // and return that user instead.
      return done(null, profile);
    });
  }
));

...

app.get('/auth/google/callback', 
  passport.authenticate('google', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});

I get two different errors:

  1. Using the redirect that worked for the browser client, and the installed/ios app client ID + secret - redirect error
  2. Using the ios client ID + secret + ios + redirect (urn) - client error

Do I need to add the IOS redirect URI to the IOS client, or put in some sort of redirect param in the node.js server to tell it about the client? Or am I missing something basic?

nflacco
  • Are you trying to access the Google API only from your web server or also from your iOS app? – Jan Gerlinger Aug 20 '12 at 09:09
  • Right now, I've taken a step back to just trying to access the Google API from the IOS app. The goal is to access my server from the app by logging into Google. – nflacco Aug 20 '12 at 17:41

1 Answer

What you are trying to achieve here, i.e. using the same credentials for the Installed Application and the Web Server Applications flow, won't work. Google knows for which type of application they issued the credentials and enforces this. (This is wrong, see comments.)

The typical way for your scenario would be to implement the Web Server Applications flow on your server and initiate the login by opening the authorization endpoint URL on the iOS device, but setting the redirect_uri to your server. That way you get the access token and refresh token on your server and can call the Google APIs from there.

How you communicate between your iOS client and your webserver is then completely independent from everything else.

Jan Gerlinger
  • I know this question is bit old now, but this post suggests that you are wrong about that. Or am I missing some of the finer details? http://stackoverflow.com/questions/11631928/authenticating-with-oauth2-for-an-app-and-a-website – troelskn Feb 06 '13 at 09:14
  • Yep, seems you are right. In my opinion, letting the web application handle the OAuth stuff is still preferable, as you won't need the *access token* stored on the device then. – Jan Gerlinger Feb 06 '13 at 10:12
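
The flow the answer describes, as an added example (not code from the original post or from passport): the server builds the authorization URL that the iOS app opens, with redirect_uri pointing at the server, and verifies a signed state value when Google redirects back to the callback. The client ID, server URL, hex device session ID and helper names are assumptions made for illustration.

```javascript
// Added example; CLIENT_ID, REDIRECT_URI and the helper names are assumptions.
const crypto = require('crypto');

const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
const CLIENT_ID = 'EXAMPLE_WEB_CLIENT_ID';                          // placeholder
const REDIRECT_URI = 'https://server.example/auth/google/callback'; // placeholder
const STATE_KEY = crypto.randomBytes(32);  // per-process HMAC key for state
const STATE_TTL_MS = 10 * 60 * 1000;       // a login must finish within 10 minutes

function sign(payload) {
  return crypto.createHmac('sha256', STATE_KEY).update(payload).digest('hex');
}

// Server side: build the URL the iOS app opens in a browser or web view.
// deviceSessionId is assumed to be a hex string the server issued to the app.
function buildAuthUrl(deviceSessionId, now = Date.now()) {
  const payload = `${deviceSessionId}.${now}`;
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,   // must match the URI registered for the web client
    response_type: 'code',
    scope: 'openid profile',
    access_type: 'offline',       // ask for a refresh token as well
    state: `${payload}.${sign(payload)}`,
  }).toString();
  return url.toString();
}

// Server side, in the callback route: returns the device session the login
// belongs to, or null if the request did not originate from buildAuthUrl.
function verifyCallback(query, now = Date.now()) {
  if (typeof query.code !== 'string' || typeof query.state !== 'string') return null;
  const parts = query.state.split('.');
  if (parts.length !== 3) return null;
  const [sessionId, issuedAt, mac] = parts;
  const expected = Buffer.from(sign(`${sessionId}.${issuedAt}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (now - Number(issuedAt) > STATE_TTL_MS) return null;
  // Next step (not shown): exchange query.code for tokens and keep them on the server.
  return sessionId;
}
```

The app then authenticates to the server with its own session, so neither the access token nor the refresh token has to be stored on the device.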