Group Group Group Group Group Group Group Group Group

OAuth on mobile apps

Vapor has a chapter of taking the implementation of OAuth and using it with the web app, but it doesn’t tie in quite as nicely to the iOS app. I’m wondering how to user the setup we’ve built with Vapor to login in the iOS app.

OAuth on mobile gets more complicated because of the trouble with redirects. Essentially it’s the same process however, just when Google or whoever redirects back with the token they need to redirect back to your app. So you can open an SFViewController to go to Google so the user can give permission and then you either set the redirect URL to your app using a custom URL scheme or use deep linking to intercept the redirect in your app

ah ok, so would it be easier to just use a library like OAuth2 or OAuthSwift?

Close but not quite. You want to initiate the OAuth flow from the device but the tokens actually need to go to the server to be saved and then provide a token from your Vapor app to the iOS client. Make sense?

(There’s also more logic that can be built in such as what to do if your access token has expired etc and you need to make a request to the Google endpoints etc)

Oh, I see. Are there any guides for implementing that sort of logic?

Unfortunately not at the moment. But you could use OAuthSwift and post the token back to the server in your iOS app as a first step?