When using AppAuth (v 0.90.0) for Google OAuth authentication on my iOS app, specifically for iOS 11, the following happens:
- Start Google authentication on the iOS client with a redirect URI http://myproduct.com/oauth-redirect. Because the client ID is that of a web application, I'm not able to specify a custom URL.
- AppAuth starts an SFAuthenticationSession on the client, I'm prompted to allow sign-in. Select Continue. (https://github.com/openid/AppAuth-iOS/blob/0.90.0/Source/iOS/OIDAuthorizationUICoordinatorIOS.m#L91-L95)
- http://myproduct.com/oauth-redirect redirects to a custom URL myproduct://auth, and the SFAuthenticationSession completion block runs with a callback URL of myproduct://auth.
- When AppAuth resumes the auth flow, it checks whether the original URL is the same as the callback URL from the previous step: https://github.com/openid/AppAuth-iOS/blob/0.90.0/Source/OIDAuthorizationService.m#L108-L110
- Because http://myproduct.com/oauth-redirect and myproduct://auth are different, the flow stops.
Note that I'm using a web app clientID so that I can perform token exchange on the server side.
In the previous AppAuth version, this was possible because I was able to call resumeAuthorizationFlowWithURL directly with the updated URL.
Is there a way to support this use case without having to update AppAuth?
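
The redirect comparison described in the steps above, sketched as an added example (not code from the original post and not AppAuth's own implementation). The helper names `EqualOrBothNil` and `CallbackMatchesRedirect` are hypothetical, and the `code`/`state` values in the sample callbacks are constructed.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper: two components match if both are nil or both are equal.
static BOOL EqualOrBothNil(id a, id b) {
  return (a == nil && b == nil) || [a isEqual:b];
}

// Hypothetical check: accept a callback only when it targets the same endpoint
// as the redirect URI sent in the authorization request. Query and fragment are
// ignored because the authorization response parameters arrive there.
static BOOL CallbackMatchesRedirect(NSURL *callback, NSURL *redirect) {
  NSURL *c = callback.standardizedURL;
  NSURL *r = redirect.standardizedURL;
  if (c == nil || r == nil) {
    return NO;  // never treat two unparsable URLs as a match
  }
  // Scheme and host are case-insensitive; port and path are compared as-is.
  return EqualOrBothNil(c.scheme.lowercaseString, r.scheme.lowercaseString) &&
         EqualOrBothNil(c.host.lowercaseString, r.host.lowercaseString) &&
         EqualOrBothNil(c.port, r.port) &&
         EqualOrBothNil(c.path, r.path);
}

int main(void) {
  @autoreleasepool {
    // Redirect URI from the post.
    NSURL *redirect = [NSURL URLWithString:@"http://myproduct.com/oauth-redirect"];
    // Constructed sample callbacks; the code and state values are made up.
    NSArray<NSString *> *callbacks = @[
      @"http://myproduct.com/oauth-redirect?code=SAMPLE&state=abc",
      @"HTTP://MyProduct.com/oauth-redirect?code=SAMPLE&state=abc",
      @"myproduct://auth?code=SAMPLE&state=abc",
    ];
    for (NSString *s in callbacks) {
      NSURL *cb = [NSURL URLWithString:s];
      BOOL ok = CallbackMatchesRedirect(cb, redirect);
      NSLog(@"%@ -> %@", s, ok ? @"handled" : @"rejected");
    }
  }
  return 0;
}
```

The first two callbacks match the requested redirect URI. The third, the custom-scheme URL from the post, differs in scheme, host and path, which is the mismatch that stops the flow.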