
When using AppAuth (v 0.90.0) for Google OAuth authentication on my iOS app, specifically for iOS 11, the following happens:

  1. Start Google authentication on the iOS client with a redirect URI http://myproduct.com/oauth-redirect. Because the client ID is that of a web application, I'm not able to specify a custom URL.
  2. AppAuth starts an SFAuthenticationSession on the client, and I'm prompted to allow sign-in. Select Continue. (https://github.com/openid/AppAuth-iOS/blob/0.90.0/Source/iOS/OIDAuthorizationUICoordinatorIOS.m#L91-L95)
  3. http://myproduct.com/oauth-redirect redirects to a custom URL myproduct://auth, and the SFAuthenticationSession completion block runs with a callback URL of myproduct://auth.
  4. When AppAuth resumes the auth flow, it checks whether the original URL is the same as the callback URL from the previous step: https://github.com/openid/AppAuth-iOS/blob/0.90.0/Source/OIDAuthorizationService.m#L108-L110
  5. Because http://myproduct.com/oauth-redirect and myproduct://auth are different, the flow stops.

Note that I'm using a web app clientID so that I can perform token exchange on the server side.

In the previous AppAuth version, this was possible because I was able to call resumeAuthorizationFlowWithURL directly with the updated URL.

Is there a way to support this use case without having to update AppAuth?

Grnbeagle
  • Hey, the same issue here. Looks like no one answered so far. Have you solved this issue? – Yang Jun 05 '18 at 22:30
  • @Yang I created a PR to receive a mismatch error: https://github.com/openid/AppAuth-iOS/pull/193. The maintainer marked it out of scope, though. People are definitely running into this issue: https://github.com/openid/AppAuth-iOS/issues/232. Please bring it up in the thread so that we can address it properly! Thanks. – Grnbeagle Jun 07 '18 at 00:29

0 Answers
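The redirect comparison from steps 4 and 5 of the question, written out as an added example (it is not AppAuth's source and not part of the original post). It assumes the check compares scheme, user, password, host, port and path and ignores query and fragment; `EqualOrBothNil` and `FirstRedirectMismatch` are hypothetical names, and the callback URLs are constructed samples.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper: YES when both values are nil or both are equal.
static BOOL EqualOrBothNil(id a, id b) {
  return (a == nil && b == nil) || [a isEqual:b];
}

// Hypothetical helper: returns the name of the first URL component in which
// the callback differs from the redirect URI sent in the authorization
// request, or nil when they match. Query and fragment are ignored because
// the authorization response parameters (code, state) are carried there.
// Assumption: scheme and host are compared case-insensitively.
static NSString *FirstRedirectMismatch(NSURL *callback, NSURL *redirect) {
  NSURL *c = callback.standardizedURL;
  NSURL *r = redirect.standardizedURL;
  if (!EqualOrBothNil(c.scheme.lowercaseString, r.scheme.lowercaseString)) return @"scheme";
  if (!EqualOrBothNil(c.user, r.user)) return @"user";
  if (!EqualOrBothNil(c.password, r.password)) return @"password";
  if (!EqualOrBothNil(c.host.lowercaseString, r.host.lowercaseString)) return @"host";
  if (!EqualOrBothNil(c.port, r.port)) return @"port";
  if (!EqualOrBothNil(c.path, r.path)) return @"path";
  return nil;
}

int main(void) {
  @autoreleasepool {
    // Redirect URI registered for the web-application client ID in the question.
    NSURL *redirect = [NSURL URLWithString:@"http://myproduct.com/oauth-redirect"];
    // Constructed callbacks: the custom-scheme hop from step 3, and a callback
    // that stays on the registered redirect URI.
    NSArray<NSString *> *callbacks = @[
      @"myproduct://auth?code=SAMPLE_CODE&state=SAMPLE_STATE",
      @"http://myproduct.com/oauth-redirect?code=SAMPLE_CODE&state=SAMPLE_STATE",
    ];
    for (NSString *s in callbacks) {
      NSString *diff = FirstRedirectMismatch([NSURL URLWithString:s], redirect);
      NSLog(@"%@ -> %@", s,
            diff ? [@"rejected, differs in " stringByAppendingString:diff] : @"handled");
    }
  }
  return 0;
}
```

Logging the mismatching component instead of silently stopping the flow makes this kind of redirect mismatch visible during debugging.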