发表新帖
发表新帖

Android SSO (Single sign-on) for app

后端 未结
关注
3 413
南笙
南笙 2021-01-01 18:39

Is there any free single-signon mechanism for Android that gracefully works with non-webapps? Say, something along the lines of...

  1. You launch my app and use

3条回答
  • 没有蜡笔的小新
    没有蜡笔的小新 (楼主)
    2021-01-01 19:10

    What you described in Alternatively section looks like Authorization Code using Proof Key for Code Exchange (PKCE) OAuth 2.0 grant

    https://tools.ietf.org/html/rfc7636

    The flow is the following:
    1. Your app generates a random key (code_verifier) and it's transformed value (code_challenge) and navigates to authorization server with code_challenge as a parameter
    2. Authorization server redirects back to your app with authorization code
    3. Your app sends authorization_code and the code_verifier to the auth server to get the authorization token
    4. Server uses authorization_code and the code_verifier (it already has code_challenge, so it can verify that code_verifier is correct) and then returns to your app with the token.

    On the practical side of it you can use something like Auth0 to implement it in your app.

    0 讨论(0)
 看不清?
提交回复
热议问题