I am trying to implement OAuth2 for an iOS app and I am currently using this extension for AFNetworking : https://github.com/AFNetworking/AFOAuth2Manager, but it doesn't renew automatically the access and refresh token. Can you tell me, please, what should I use?
Related
How does the Uber Mobile SDK handle renewing access token?
I don’t see there is explicit way that SDK provides for developer to renew access token manually but I’d like to do so.
Essentially, what I’m trying to doing is that my mobile app handles SSO and pass the access token to my server, Server would then use that to do all kinds of request with Uber directly.
But when it comes to managing the access token, I still prefer to let the mobile app to do it. Hence, I’d like to renew the access token whenever I deem necessary, so that I can always provide valid token to my server.
FYI: I’m authenticating using SSO(i.e Native )
You can instantiate a RidesClient and call refreshAccessToken(usingRefreshToken:completion:)
https://github.com/uber/rides-ios-sdk/blob/master/source/UberRides/RidesClient.swift#L537
For Android:
There is automatic refresh code in the network stack. A refresh token is utilized in the networking stack to refresh the access_token once it expires. So once you get access_token by SSO - even if it was expired - will be refreshed once you get it - so you can use it and pass to your server without any concern is it token expired or not - token will be valid.
I need to upload files from my iOS application into my Dropbox account. I'm following this tutorial to do so: https://www.dropbox.com/developers/core/start/ios. But I don't understand how to use the generated access token to access my own account without going through the authentication flow.
The generated access token available on the Dropbox App Console is an OAuth 2 access token, just meant as a shortcut to let your app to your own account. The Dropbox iOS Core SDK uses OAuth 1 though, so you can't use the generated access token with it. That being the case, you'll need to implement the app authorization flow so that you, and additionally your end-users, can link your iOS app to their Dropbox accounts, as shown in the tutorial.
If you only ever need to link to your own account, you'll still need to process the app authorization flow for your own account once to get an OAuth 1 access token.
We're successfully using Google Sign In to authenticate and access the data we need. However, our token will eventually expire. The GIDAuthentication object includes a refresh token. We're wondering if the sign-in library is handling the refresh behind the scenes, perhaps as part of signIn or signInSilently.
The API documentation doesn't talk about refreshing the token, so I'm hoping someone can explain how the google library uses the refresh token.
Or, if we refresh the tokens in our code, should we only call signIn when we can no longer use a refresh token to get new tokens?
Looks like the api was added to the 2.1.0 sdk, GIDAuthentication refreshAccessTokenWithHandler.
Can SDKs created by Swagger Code Gen (https://github.com/swagger-api/swagger-codegen) manage OAuth token refresh by storing and using a refresh token to automatically refresh an expired access token?
Based on my understanding, clients generated bySwagger-Codegen do not support automatic refresh of token in any way.
You can submit a feature request here to see if the community has cycle to add the feature. Remember to provide details of your requirement and a sample spec if you've one.
I'm developing an iOS app which uses Facebook Login. I have the Facebook iOS SDK set up and working, but the back-end developer of my client has concerns about the safety of Facebook's access tokens.
Using using the Facebook SDK, We want to get an authorization code from Facebook, not the access token, and get the access token on the server with App Key and App Secret. Is there any way of doing this?
Note: I am using this method to login (on FBSession):
openActiveSessionWithReadPermissions:allowLoginUI:completionHandler:
Answering my own question :
This can't be done with the current Facebook iOS SDK, but you can make a graph API call to
https://graph.facebook.com/oauth/client_code?access_token=...&client_id=...&client_secret=...&redirect_uri= ...
to exchange the access token with the code.
But this isn't secure at all, because you would have to ship the app with the App Secret.