login about faq

OAuth 2.0 supports https redirect?

asked Oct 05 at 16:42

valverde's gravatar image

valverde
11

edited Oct 09 at 15:45


The Chilkat OAuth2 class is to help desktop and non-web applications with 3-legged OAuth2.

If you have a web application, then you would implement the 3-legged OAuth2 directly. In 3-legged OAuth2, you have (1) an Authorization Endpoint, and (2) a Token Endpoint.

For example, in Shopify:

In a web application, you would use Chilkat Http or any other convenient HTTP API to send the initial request to the Authorization Endpoint. Your redirect_uri would be a URI directed back to your web application, which receives the redirect request and then sends the final HTTP request to the token endpoint.

HTTPS (i.e. a secure TLS connection) SHOULD be used in the case of a web application, because the redirect is traveling from the local browser, across the Internet, to your web application.

In the case of a desktop application (non-web application), you don't have the capability to receive a redirect on a web server. The Chilkat OAUth2 class is creating a background thread for the single purpose of receiving the redirect. Thus the local web browser that interactively gets permission from the account owner is always communicating with your application on the same local machine. There is no communication across the Internet for the redirect, and therefore no HTTPS is needed. In fact, you cannot really use HTTPS because what server certificate would you use? You'd run into all sorts of trust issues with the browser not being happy with some self-signed "localhost" certificate. There's just no point in opening that can of worms because it's not even necessary..

link

answered Oct 10 at 08:24

chilkat's gravatar image

chilkat ♦♦
12.8k317367483

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×17

Asked: Oct 05 at 16:42

Seen: 274 times

Last updated: Oct 10 at 08:24

powered by OSQA