My company is wanting to implement OpenID Connect via OAuth 2.0 across our client software, which comes in Windows, HTML5, Android, iOS, etc. Toward that end, we are trying to find a way of getting the login info back that will work across these platforms.

Our understanding was that a custom URI scheme (i.e., companyname://) was the recommended way of going forward, and we have verified on our end that that would work. However, we have yet to be able to find a provider that would support that configuration. So far OneLogin & Google are both locked to https:// (or http:// for dev), which leaves us something of a conundrum.

So essentially, my question is, were we misled about the custom URI scheme? If so, is there another method we can use that will allow our web & standalone apps to pick up the return info from whichever OpenID providers we go with? We want to keep it as open as possible, so we're trying to avoid lock-in APIs and suchlike. Any advice would be appreciated. Thanks.

1 Answer

We do support the custom URI redirect. You'll need to select the right type of client when creating a client ID on Google developer console.

See the details here. https://developers.google.com/identity/protocols/OAuth2InstalledApp

One way to support any provider is that you use a Web flow to redirect to a page on your site and then your website does a redirect to a custom scheme.

nvnagr
  • When I try this, it seems to give me different options than the document page you linked indicates. After choosing Create credentials > OAuth client ID, it gives me a list of app types. It seems only Web Application has an option for Redirect URI, and that's locked to http or https schemes. So am I misunderstanding something here? I'm beginning to think your suggestion of having it redirect to something on our site that will do a client-side redirect to our actual custom scheme might be the only way forward; I'm just concerned about how that would work with our mobile devices. – user3272781 Oct 01 '18 at 14:33
  • On Android for a native app, you don't need a redirect URI because we can check your package name and there is no redirect taking place. You make a call to the Google Play services API and get tokens. On Web you need a redirect URI. On iOS you can use either the reverse of your bundle ID or the reverse of your client ID as the custom scheme. So you are right in that we don't support arbitrary custom URIs. – nvnagr Oct 02 '18 at 15:53
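
The relay suggested in the answer (an https redirect URI on your own site that then redirects to the app's custom scheme), sketched as an added example that is not part of the original answer or any provider's code. The `companyname://oauth/callback` target, the `example.com` host and the function name are assumptions, and requiring `state` is this example's own choice.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Assumed app callback; the scheme is the one named in the question.
# The target is a constant, never taken from the request, so the relay
# cannot be used as an open redirect.
APP_CALLBACK = "companyname://oauth/callback"

# Only standard authorization-response parameters are passed on.
FORWARDED = ("code", "error", "error_description", "state")


def relay_location(request_url: str) -> str:
    """Build the Location header for the 302 from the https redirect URI
    registered with the provider to the app's custom scheme."""
    query = parse_qs(urlsplit(request_url).query)
    out = []
    for name in FORWARDED:
        values = query.get(name, [])
        if len(values) > 1:
            # Ambiguous responses are rejected instead of guessed at.
            raise ValueError(f"duplicate parameter: {name}")
        if values:
            out.append((name, values[0]))
    present = {name for name, _ in out}
    if "state" not in present:
        # The app compares state with the value it sent, so it must survive.
        raise ValueError("missing state")
    if ("code" in present) == ("error" in present):
        raise ValueError("expected exactly one of code or error")
    # Another installed app can claim the same custom scheme, so the app
    # should use PKCE (RFC 7636): an intercepted code is then useless
    # without the code_verifier held by the app that started the flow.
    return APP_CALLBACK + "?" + urlencode(out)


if __name__ == "__main__":
    # Constructed sample callback, not a real provider response.
    sample = "https://example.com/oauth/callback?code=abc%2F123&state=xyz"
    print(relay_location(sample))
```
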