oauth.io is a good solution for the auth stage. It can also help to solve the redirect URL restriction problem. Our original two-stage model still applies:
auth_first: pop up a browser and ask the user to go to oauth.io with the pub key.
auth_second: receive the response from a lightweight httpd in the backend.
Part of fetch_code can be reused.
The problem is that the previous standard auth_second only expects code to be returned by fetch_code. Platforms then request access_token themselves. Now that the access_token can be returned directly, we need to redesign the model.
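One possible shape for the redesigned second stage, as an added sketch that is not the project's own code: the handler accepts either credential and only performs the exchange step when a code came back. The query parameter names `code`, `access_token`, `error` and `state`, the helper names, and the callback URLs are assumptions; how oauth.io actually delivers its response is not stated above.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


def parse_callback(url, expected_state):
    """Classify the request the local httpd received (hypothetical helper).

    Returns ("code", value) or ("access_token", value).
    """
    params = parse_qs(urlsplit(url).query)

    def one(name):
        values = params.get(name, [])
        if len(values) > 1:
            # Repeated parameters are a sign of tampering or a confused client.
            raise ValueError("duplicate parameter: " + name)
        return values[0] if values else None

    # Bind the response to the request made in the first stage.
    state = one("state")
    if state is None or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")

    error = one("error")
    if error:
        raise ValueError("provider returned error: " + error)

    code, token = one("code"), one("access_token")
    if code and token:
        raise ValueError("both code and access_token present")
    if token:
        return ("access_token", token)
    if code:
        return ("code", code)
    raise ValueError("no credential in callback")


def auth_second_sketch(url, expected_state, exchange_code):
    """Second stage: exchange a code, or pass a direct token through."""
    kind, value = parse_callback(url, expected_state)
    if kind == "code":
        return exchange_code(value)  # the platform requests the token itself
    return value  # token returned directly, no exchange needed
```
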