admin管理员组文章数量:1315952
For people who work with desktop applications, how do they handle oauth2 flows for third party services that need a redirect url?
I'd like to authenticate users through Discord's oauth2 login. But I'm working on a desktop app, with no webservice behind it.
I've read about the redirect scheme that looks like,
urn:ietf:wg:oauth:2.0:oob
But discord says it's a non matching redirect url after logging in through oauth2.
For people who work with desktop applications, how do they handle oauth2 flows for third party services that need a redirect url?
I'd like to authenticate users through Discord's oauth2 login. But I'm working on a desktop app, with no webservice behind it.
I've read about the redirect scheme that looks like,
urn:ietf:wg:oauth:2.0:oob
But discord says it's a non matching redirect url after logging in through oauth2.
Share Improve this question edited Jun 1, 2016 at 8:01 Abhishek Patil 1,4454 gold badges36 silver badges66 bronze badges asked Jun 1, 2016 at 6:37 mariocatchmariocatch 8,70312 gold badges51 silver badges75 bronze badges 1- I think that you need to develop a server-side application for oauth2 login. Actually, Oauth2 made for internet-based applications which used a specified URL for accessing. Desktop application does not work on that way so you can not integrate Oauth2. – Linh Commented Jun 1, 2016 at 7:35
1 Answer
Reset to default 7If you use a desktop application you have a couple of choices:
- You can start a webserver locally and use
localhost
as redirectUri. The downside is that you will usually need to also supply the port number in the list of allowed redirect Uris and you won't necessrily know if a certain port is available on the client. - The
urn:ietf:wg:oauth:2.0:oob
instructs the server not redirect the user at all but output the code in the browser windows title. If you have the appropriate permission to read other windows title then you can autodetect changes there. Also the code is usually displayed to the user so that as a fallback he can copy&paste the code into your application. However your service may not support this. - Setup a webservice that forwards the token for you. Basically you setup a webservice against which your application authenticates and that webservice returns an URL to the authentication service including an appropriate
state
to you to which you send the user. Then the authentication service will send your user back to your webservice which again reports the code to your application e.g. by means of long polling, web sockets, or a real TCP connection which is kept open during the whole process. Note that the webservice will need careful design so that the service is not abused by third-parties. Since you cannot technically authenticate your desktop application against the webservice, you cannot stop other applications from calling your webservice, but you can present some information to the user on the consent screen that helps users identify whether the request was legitimate or not.
本文标签: javascriptHow does oauth2 redirect url work for desktop applicationsStack Overflow
版权声明:本文标题:javascript - How does oauth2 redirect url work for desktop applications? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741995727a2410005.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论