AppAuth

Overview#

AppAuth is an Native application Open Source OAuth Client is a client-side SDK for JavaScript, Android and iOS using Browser-view components for communicating with OAuth 2.0 and OpenID Connect Providers and is the Best Current Practice (BCP 212)

AppAuth Open Source#

AppAuth Open Source and available on GitHub

AppAuth for JavaScript[1]#

AppAuth for JavaScript is a client SDK for OAuth Public Clients for communicating with OAuth 2.0 and OpenID Connect Providers. The library is designed for use in Node.js CLI applications, Chrome Apps and applications that use Electron or similar frameworks.

It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language.

The library also supports the PKCE extension to OAuth 2.0 which was created to secure Authorization Codes in OAuth Public Clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.

AppAuth for Android [2]#

AppAuth for Android is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers originally created by Google

AppAuth strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens.

The library follows the Best Practices set out in OAuth 2.0 for Native application including using Chrome Custom Tabs for the auth request. For this reason, WebView is explicitly NOT supported due to usability and security reasons.

The library also supports the PKCE extension to OAuth 2.0 which was created to secure authorization Codes in OAuth Public Clients when Custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.

AppAuth for iOS [3]#

AppAuth for iOS is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens.

Both Private-Use URI Scheme Redirection (all supported versions of iOS) and Universal Links (iOS 9+) can be used with the library.

It follows the Best Practices set out in OAuth 2.0 for Native application including using SFSafariViewController for the Authorization Request. For this reason, UIWebView is explicitly NOT supported due to usability and security reasons.

It also supports the PKCE extension to OAuth 2.0 which was created to secure Authorization Codes in OAuth Public Clients when Custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional params in all protocol requests and responses.

AppAuth Examples#

There is a good Secure and Usable OAuth for Mobile Apps on youTube

More Information#

There might be more information for this subject on one of the following:
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!