The part where the user needs to enter creds can be shown if the client app redirects to a stateless static page along with the params, which belongs to the oauth-server.com domain, so no other app has access to the username, pwd.
After POST-ing the form to oauth-server.com, is there a way to redirect the user to the client app without oauth-server redirecting via the browser session? Is there a JSON RESTful mechanism in OAuth2?
So, to answer the question, redirect_uri exists for the sole purpose of letting the client app (web, iOS or Android) know the status of the authentication request.
And the OAuth2 server cannot do anything other than redirect, because where else would the server redirect to? (Which is the redirect_uri anyway.)
Refer to the following articles for best practices on how to redirect data to an installed / mobile client app:
https://developers.google.com/identity/protocols/oauth2installedapp
specifically section, https://developers.google.com/identity/protocols/oauth2installedapp#choosingredirecturi
Hope this helps!
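The answer above describes redirect_uri as the channel through which the client app learns the status of the authentication request. As an added example (not part of the original post), this Python function shows a client reading that status from the callback URL and rejecting callbacks it did not ask for; the redirect URI, the state value and the function and class names are assumptions, while `code`, `state`, `error` and `error_description` are the standard OAuth2 authorization-response parameters.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed value for illustration; a real client registers its own redirect_uri.
REGISTERED_REDIRECT_URI = "https://client.example/oauth/callback"


class CallbackError(Exception):
    """The callback must not be used to continue the login."""


def handle_callback(callback_url: str, expected_state: str) -> dict:
    """Read the authentication status the server placed on the redirect_uri."""
    parts = urlsplit(callback_url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if base != REGISTERED_REDIRECT_URI:
        raise CallbackError("callback did not arrive on the registered redirect_uri")

    # keep_blank_values so an empty parameter is seen rather than silently dropped
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in ("code", "state", "error"):
        if len(params.get(name, [""])) != 1:
            raise CallbackError(f"parameter {name!r} repeated")

    # state ties this response to the request the client itself started
    state = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state missing or does not match")

    if "error" in params:
        return {"status": "denied",
                "error": params["error"][0],
                "description": params.get("error_description", [""])[0]}

    code = params.get("code", [""])[0]
    if not code:
        raise CallbackError("neither code nor error present")
    # The code is then exchanged for tokens with a direct POST to the token
    # endpoint, which answers in JSON; that step does not go through the browser.
    return {"status": "authorized", "code": code}
```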