refreshToken for mobile app

casdoor / casdoor-flutter-sdk

Flutter SDK for Casdoor, see example at: https://github.com/casdoor/casdoor-flutter-example

https://github.com/casdoor/casdoor

Apache License 2.0

9 stars 13 forks source link

refreshToken for mobile app #30

Closed fischermario closed 9 months ago

fischermario commented 9 months ago

I'm interested in the refreshToken method. If the app is an Android/iOS app it is a pretty bad idea to put the client_secret into the code as it can be easily retrieved by decompiling the app.

Is there any other way to obtain a refresh token using the SDK that does not involve supplying the client secret?

casbin-bot commented 9 months ago

@seriouszyx @ComradeProgrammer @Resulte

hsluoyz commented 9 months ago

@fischermario use OAuth PKCE flow, refer to:

https://github.com/casdoor/casdoor-react-only-example/pull/2#discussion_r1335160457
https://github.com/casdoor/casdoor-react-native-sdk/commit/a75a9012b207ef7e90d17629c6a506cfee18965e