login about faq

OAuth 2.0 supports https redirect?

asked Oct 05 '17 at 16:42

valverde's gravatar image


edited Oct 09 '17 at 15:45

The Chilkat OAuth2 class is to help desktop and non-web applications with 3-legged OAuth2.

If you have a web application, then you would implement the 3-legged OAuth2 directly. In 3-legged OAuth2, you have (1) an Authorization Endpoint, and (2) a Token Endpoint.

For example, in Shopify:

In a web application, you would use Chilkat Http or any other convenient HTTP API to send the initial request to the Authorization Endpoint. Your redirect_uri would be a URI directed back to your web application, which receives the redirect request and then sends the final HTTP request to the token endpoint.

HTTPS (i.e. a secure TLS connection) SHOULD be used in the case of a web application, because the redirect is traveling from the local browser, across the Internet, to your web application.

In the case of a desktop application (non-web application), you don't have the capability to receive a redirect on a web server. The Chilkat OAUth2 class is creating a background thread for the single purpose of receiving the redirect. Thus the local web browser that interactively gets permission from the account owner is always communicating with your application on the same local machine. There is no communication across the Internet for the redirect, and therefore no HTTPS is needed. In fact, you cannot really use HTTPS because what server certificate would you use? You'd run into all sorts of trust issues with the browser not being happy with some self-signed "localhost" certificate. There's just no point in opening that can of worms because it's not even necessary..


answered Oct 10 '17 at 08:24

chilkat's gravatar image

chilkat ♦♦

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Oct 05 '17 at 16:42

Seen: 2,643 times

Last updated: Oct 10 '17 at 08:24

powered by OSQA