This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1]
[{$pagename}] is defined in [OAuth 2.0 for Native Apps] ([RFC 8252])
Many mobile and desktop computing [platforms|Operating Systems] support inter-app communication via [URIs] by allowing [Applications] to register a [Private URI Scheme] (sometimes colloquially referred to as a "[custom URI scheme]") like "com.example.app". When the browser or another app attempts to load a [URI] with a [Private URI Scheme], the [Application] that registered it is launched to handle the request.
To perform an [OAuth 2.0] [Authorization Request] with a [{$pagename}], the [Native application] launches the [browser] with a standard [Authorization Request], but one where the redirection URI utilizes a [Private URI Scheme] it registered with the [Operating System].
When choosing a URI scheme to associate with the [app], [apps] [MUST] use a [URI Scheme] based on a [DNS Domain] name under their control, expressed in [Reverse domain name notation], as recommended by Section 3.8 of [RFC 7595] for [Private URI Schemes].
For example, an app that controls the domain name "app.example.com" can use "com.example.app" as their scheme. Some [Authorization Servers] assign client identifiers based on [DNS Domain] names, for [example],
%%prettify
{{{
client1234.usercontent.example.net
}}}
/%
which can also be used as the [DNS Domain] name for the scheme when reversed in the same manner.
A [URI Scheme] such as "myapp", however, would not meet this requirement, as it is not based on a [DNS Domain] name.
When there are multiple [Applications] by the same publisher, care must be taken so that each [URI Scheme] is [unique|Collision-Resistant Name] within that group. On platforms that use [Application] identifiers ([GUID]) based on [reverse domain name notation], those identifiers can be reused as the [Private URI Scheme] for the [redirect_uri] to help avoid this problem.
Following the requirements of Section 3.2 of [RFC 3986], as there is no naming authority for [{$pagename}], only a single slash ("/") appears after the scheme component. A complete example of a redirect URI utilizing a [Private URI Scheme] is:
%%prettify
{{{
com.example.app:/oauth2redirect/example-provider
}}}
/%
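
One way a client-registration check could apply the naming rules above, as an added example (not code from [RFC 8252] or from this page). The function names, the result codes and the {{controlled_domains}} input are assumptions, and the sample URIs in the demo are constructed.

```python
from urllib.parse import urlsplit


def reverse_domain(domain):
    """Reverse domain name notation: app.example.com -> com.example.app."""
    return ".".join(reversed(domain.lower().strip(".").split(".")))


def check_redirect_uri(uri, controlled_domains):
    """Return rule violations for a private-use URI scheme redirect URI.

    controlled_domains: DNS names the app publisher controls (assumed input,
    e.g. taken from the client registration record).
    """
    uri = uri.strip()
    scheme = urlsplit(uri).scheme  # urlsplit lowercases the scheme
    if not scheme:
        return ["no-scheme"]
    if scheme in ("http", "https"):
        return ["not-private-use-scheme"]

    problems = []
    if "." not in scheme:
        # e.g. "myapp": not derived from a DNS domain name
        problems.append("scheme-not-domain-based")
    elif scheme not in {reverse_domain(d) for d in controlled_domains}:
        problems.append("scheme-not-controlled")

    # No naming authority exists, so only one slash may follow "scheme:".
    rest = uri.split(":", 1)[1]
    if rest.startswith("//"):
        problems.append("authority-present")
    elif not rest.startswith("/"):
        problems.append("path-not-single-slash")
    return problems


if __name__ == "__main__":
    domains = ["app.example.com", "client1234.usercontent.example.net"]
    samples = [  # constructed sample redirect URIs
        "com.example.app:/oauth2redirect/example-provider",
        "net.example.usercontent.client1234:/oauth2redirect",
        "myapp:/oauth2redirect",
        "com.example.app://oauth2redirect/example-provider",
    ]
    for s in samples:
        print(s, "->", check_redirect_uri(s, domains) or "ok")
```

Passing this check only shows that the URI follows the naming convention; it does not show that the app which registered the scheme on a device is the one that owns the domain.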
When the [Authorization Server] completes the request, it redirects to the client's redirection URI as it would normally. As the redirection URI uses a private-use URI scheme, it results in the [Operating System] launching the [native application], passing in the [URI] as a launch [parameter]. Then, the [native application] uses normal processing for the [Authorization Response].
%%warning
[{$pagename}] has no requirement that the [Private URI Scheme] is a [DNS Domain] under the [Application] developer's control. Therefore, [Claimed Https Scheme URI Redirection] is [RECOMMENDED].
%%
%%information
[{$pagename}] uses a URI (i.e., NOT [HTTP] redirection) and [App-claimed HTTPS URI Redirection|Claimed Https Scheme URI Redirection] uses a URL (i.e., [HTTP] redirection).
%%
The [Custom URI scheme patterns] are supported on the [Operating Systems].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OAuth 2.0 for Native Apps|https://tools.ietf.org/html/rfc8252#section-7.1|target='_blank'] - based on information obtained 2016-01-15