oauth.io is a good solution for auth stage. It can also help to solve the redirect URL restriction problem. Our original two-stage model still applies:
auth_first, prompt up browser and ask user to go to oauth.io with the pub key.
auth_second, receive the response from a lightweight httpd in the backend.
Part of fetch_code can be reused.
Problem is that, previous standard auth_second only expects code to be returned by fetch_code. Platforms then requests access_token themselves. Now that the access_tokencan be returned directly, we need to redesign the model.
oauth.io is a good solution for auth stage. It can also help to solve the redirect URL restriction problem. Our original two-stage model still applies:
auth_first, prompt up browser and ask user to go to oauth.io with the pub key.auth_second, receive the response from a lightweight httpd in the backend.Part of
fetch_codecan be reused.Problem is that, previous standard
auth_secondonly expectscodeto be returned byfetch_code. Platforms then requestsaccess_tokenthemselves. Now that theaccess_tokencan be returned directly, we need to redesign the model.