Do not open browser about appauth-android HOT 5 OPEN

Retrieving a new token shouldn't prompt the user unless the user's session has expired.
There might be some misunderstanding here.

from appauth-android.

Hello, no it's not that it's to ask for a 1st token I would not like to open a web view

from appauth-android.

OIDC is a specific extension of OAuth 2.0 to authenticate and authorize users where the end-user specifically doesn't hand his credentials to the 3rd party app it authenticates in.
There is a native redirect alternative to the web browser/view where you can authenticate through an IDP by redirecting to another native app and back. (not currently supported by this lib)

If you own both the identity provider and the app, you can have your own OAuth2.0 native login but this library doesn't deal with that flow. E.g. Facebook would have it's own native login. Instagram has both a native login for legacy users and a separate IDP-based login to: Login with Facebook.

We only deal with the standard web-based auth in this library. A lot of integrators will use this flow even if they also own the IDP especially in enteprise cases. E.g. you will login with an OIDC flow in most Microsoft apps, because the Office is quite different to the Microsoft Account.

from appauth-android.

I'm not sure I've understood everything, but what I do understand is that the lib is obliged to open a webview even if it closes directly afterwards.

from appauth-android.

First login flow:

1. open app & tap login
2. open webbrowser
3. have user enter username/pass into the identity provider (be it 3rd party, Facebook, Google, Okta, etc or your own Keycloak, IdentityServer, hand-rolled code, etc)
4. get back token to do authenticated calls for user

App restart:

• if token is still valid, just use it (no webbrowser prompt)
• if token expired, have user relogin (go back to first step by having user log into the webbrowser)

from appauth-android.