Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support mobile/AJAX one-step authentication using a POST to the login callback. #147

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

dobesv
Copy link

@dobesv dobesv commented Nov 1, 2014

When mobile clients use the platform SDK to authenticate, they can just send a resulting one-time-use token to the server for the server to use for authentication.

See https://developers.google.com/+/mobile/android/sign-in

This change allows mobile clients to POST to /login/google/callback with that code for a Google login experience.

I decided after some thought that it is OK that the "state" feature is not used in this case because the callback_uri is set to "postmessage" and Google will verify that this was the case when the token was issued. However, if this isn't the case an extra API might be needed for a mobile client to fetch a state and then submit it with the login request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant