Activités de "fahad.kayani@alisco-it.com"
hi
You can refer to the professional document.
https://oauth.net/2/native-apps/
I did, no mention of the required guide, just PKCE mostly.
Use code flow in your mobile.
- Mobile app redirects to authserver website.
- Select Google on the login page of the authserver website.
- Log in to your Google account or use your logic to create a new user on the authserver website.
Hi I am also developing a flutter app with abp commercial at the backend, I am just curious at this part, we have the PKCE flow handled through the browser and external providers are handled there as well, but is there a way we can better the user-experience by keeping the user in-app like most apps do e.g. facebook, instagram,.
things I have tried:
implemented in-app-webView but that has security concerns,
looked into password grant_type, but most of the articles and sources do not recommend this, and client_secret is saved on the native-app as well. A workaround to this: make a custom api which calls
/connect/tokenwith grant_type password on the backend, and returns access_token as a response to the initial call from native-apps,
Would these be good approaches to this in your opinion or any other approach you recommend?
alright, this was very helpful, Thanks.
The react native app you talked about in the answer is the one that comes with the template, right?
Yes it comes with template
and hasn't the authentication-flow used in the template?, as it opens the url in browser?
There are 2 template Open source (ABP) and
Commercial (This is priv. repo)templates
- In ABP template we use password grant_type for react native auth.
- Yet we'll switch to authorization code
- In Commercial template we use authorization code grant_type
yeah, I am using the commercial template.
Is password-flow handling available through abp APIs, or does it need to be customized.
- You don't need to customize something, you can use /connect/token endpoint, just make sure you sending correct body. Because body needs to be change depending your grant_type property.
so, I can just use the /connect/token endpoint through my app, and user can be authenticated for signup and login within the app, am I understanding that correctly?
Lastly you can use ADB for work with localhost instead developing with IP configuration. We'll add the steps to docs but maybe it might be confusing for you.
that's alright, as I said previously, I was able to get everything running in no-time after I tracked the issue.
You can use any UI framework with ABP there is no problem, but the problem is there I think your OpenId knowledge must be missing.
- Firstly all you need to do is understand application-configuration end point. We made a online session about mobile development https://youtu.be/-wrdngeKgZw?t=722
- If you use authorization_code flow in UI app, It'll redirect to browser and in the browser there is already sign in and sign up screens which means you don't have to implement any code to your app
- BUTTTTT if you want to make this ops. in the UI app (not with browser) than you need to use password flow. Which is we were using this grant_type in React Native 7.3- versions that why we put this warning 🙂
The react native app you talked about in the answer is the one that comes with the template, right? and hasn't the authentication-flow used in the template?, as it opens the url in browser? And I will look into the password-flow as well, thank you for the information. Just a follow-up question about that, Is password-flow handling available through abp APIs, or does it need to be customized.
although, I do have a different question, if you would be kind to answer me, I am going to build a mobile app with flutter, it's not going to add any problems on the back-end side in terms of integration between the two, right?
and is there a way I can keep the user in-app to login/signup while using the openiddict as already setup in the solution.
Can you please share your error and solution. Is that about our mistake I'd like to fix if any error or bug exits in our project
so basically, I confused the development check in the configureservices function, and put the disabling https part within that if !development condition, that was causing some redirecting errors, also the emulator was causing some troubles as well, the documentation although was confusing at the point below:
as I mentioned in the initial question as well, but anyways, I solved the problems, and was able to run the solution successfully.
Hi fahad, I've created a project with 8.0.5 version and I couldn't produce your error. I've just applied your steps and followed the documentation. Here's the result
I checked the errors myself, and fixed them, it's been 3 days since the question.
refund the ticket atleast if noone wants to respond, I have to solve the issues myself. So kindly refund the ticked, Thanks.