jQuery plugin for doing Oauth2 login in a Cordova App
This jquery plugin can be used to perform Oauth2 login in Cordova app, it uses Cordova In-App-Browser Plugin to perform Oauth2 login flow and returns access_token or error in callback, along with actual response from the Oauth2 service.
Supports Oauth2 implicit grant flow (client implicit)
_[Implicit grant is recomended for Cordova apps since it does not require app to store clientsecret]
$.oauth2({
auth_url: '', // required
response_type: '', // required - "code"/"token"
token_url: '', // required for response_type ="code"
logout_url: '', // recommended if available
client_id: '', // required
client_secret: '', // required for response_type ="code"
redirect_uri: '', // required - any dummy url http://www.yourcompany.com
other_params: {} // optional params object for scope, state, ...
}, function(token, response){
// do something with token or response
}, function(error, response){
// do something with error object
}); Example Oauth2 Calls:
1) Facebook Oauth2 (Implicit grant):
Notice that token_url and client_secret is not required for Implicit grant and logout_url is not specified since facebook does not not have a logout url. Facebook also required a special display parameter to be passed in the URL, this is specified in the other_params. The first callback function will return the access_token which can be passed to another function to save and make other API calls. The second callback function handle any errors.
$.oauth2({
auth_url: 'https://www.facebook.com/dialog/oauth',
response_type: 'token',
client_id: 'CLIENT-ID-FROM-FACEBOOK',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'basic_info', display: 'popup'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
}); 2) Google Oauth2 (Implicit grant):
Notice that token_url and client_secret is not required for Implicit grant and logout_url is specified, this will make sure that Google logout is called before showing Google login option.
$.oauth2({
auth_url: 'https://accounts.google.com/o/oauth2/auth',
response_type: 'token',
logout_url: 'https://accounts.google.com/logout',
client_id: 'CLIENT-ID-FROM-GOOGLE',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'profile'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
}); 3) LinkedIn Oauth2 (Authorization code grant):
This example show how to make LinkedIn Oauth2 call, notice the scope parameter is sepcified in the other_params option as an object, linkedIn also requires state parameter, this is also specified in the other_params.
WARNING: Authorization code grant is not recomended for Cordova apps since the client_secret is exposed in the code and anyone can unpack an Adroid APK for example and get your client_secret. Always check if the service supports Implicit grant type of Oauth2 and use it instead of authorization code grant for your Cordova app.
$.oauth2({
auth_url: 'https://www.linkedin.com/uas/oauth2/authorization',
response_type: 'code',
token_url: 'https://www.linkedin.com/uas/oauth2/accessToken',
client_id: 'CLIENT-ID-FROM-LINKEDIN',
client_secret: 'CLIENT-SECRET-FROM-LINKEDIN',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'r_basicprofile', state: 'somethingrandom1234'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
}); 1. Build App using Intel XDK:
client_id, client_secret, ...) for the service you want to test.2. Build App using Phonegap build:
client_id, client_secret, ...) for the service you want to test.index.html, cordova.oauth2.js and config.xml.3. Build App using Cordova CLI:
These Oauth2 services have been tested with this plugin sucessfully:
here is example code
* Let me know if any service is not working, feel free to send any pull-request for improvements.