Comments (5)
Retrieving a new token shouldn't prompt the user unless the user's session has expired.
There might be some misunderstanding here.
from appauth-android.
Hello, no it's not that it's to ask for a 1st token I would not like to open a web view
from appauth-android.
OIDC is a specific extension of OAuth 2.0 to authenticate and authorize users where the end-user specifically doesn't hand his credentials to the 3rd party app it authenticates in.
There is a native redirect alternative to the web browser/view where you can authenticate through an IDP by redirecting to another native app and back. (not currently supported by this lib)
If you own both the identity provider and the app, you can have your own OAuth2.0 native login but this library doesn't deal with that flow. E.g. Facebook would have it's own native login. Instagram has both a native login for legacy users and a separate IDP-based login to: Login with Facebook.
We only deal with the standard web-based auth in this library. A lot of integrators will use this flow even if they also own the IDP especially in enteprise cases. E.g. you will login with an OIDC flow in most Microsoft apps, because the Office is quite different to the Microsoft Account.
from appauth-android.
I'm not sure I've understood everything, but what I do understand is that the lib is obliged to open a webview even if it closes directly afterwards.
from appauth-android.
First login flow:
- open app & tap login
- open webbrowser
- have user enter username/pass into the identity provider (be it 3rd party, Facebook, Google, Okta, etc or your own Keycloak, IdentityServer, hand-rolled code, etc)
- get back token to do authenticated calls for user
App restart:
- if token is still valid, just use it (no webbrowser prompt)
- if token expired, have user relogin (go back to first step by having user log into the webbrowser)
from appauth-android.
Related Issues (20)
- Getting Activity Not Found Exception When trying to authorize the request
- Authorization canceled error. HOT 3
- Fatal Exception: java.lang.SecurityException: Binder invocation to an incorrect interface HOT 2
- What is authorization end point an token end point in the case of FHIR services From Epic HOT 5
- User cancelled flow HOT 2
- Using this lib for oAuth flow HOT 2
- Can this library be used on Android TV? HOT 3
- Oauth2.0
- [Spam] HOT 6
- Avoid Fatal Exception: net.openid.appauth.d: grant request is invalid in Firebase Crashlytics HOT 3
- Como la instalo con termux HOT 1
- Why Isn't AppAuth not using kotlin yet? HOT 2
- android.content.ActivityNotFoundException: When app opened HOT 5
- Incorrect documentation I think
- TokenResponse JSON parsing null values as "null" strings
- Zdd
- D
- Lisene
- Communication problems between AuthorizationManagementActivity and RedirectUriReceiverActivity are caused by an Android 14 task stack issue.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from appauth-android.