Best oauth-2.0 questions in March 2013

Using Google Oauth2 webflow from iOS + Bonjour (Yikes!)

13 votes

I'm building an iOS app that requires the user to authorize Google API's via Oauth2 using the server side web flow. I currently open a UIWebView to start the oauth2 flow.

This works fine in the simulator because I'm setting the redirect URI to http://localhost and have a server running on my local machine.

However, I'd like to test on the device while still connecting to a server running on my desktop. In order to do this, I've gotten the app to discover my desktop address (a local subnet IP or bonjour address like http://foo.local.) to connect to the server. However, the Google Oauth2 flow is saying that it cannot use local URI's as a redirect url.

Is there any way around this? I'd like to not have to mess with my local network setup or proxy requests from my IOS device if at all possible. I'd ideally also like to be able to use the bonjour service to discover the server because we have a team of developers and our app lets you choose which server on the local network you'd like to connect to.

Options?

I ended up solving this by taking the following approach.

In my UIWebView, I intercepted all loading requests and modified the URL's. Basically, I set the redirect_uri to something public (that is also registered on the api console), but when the UIWebView tries to load that redirect URI (after several redirects), I rewrite that URL to instead point to a callback on my mac on the local network.

Obviously this needs to be taken into account when parsing the token on the server side.