jQuery plugin for doing Oauth2 login in a Cordova App
This jquery plugin can be used to perform Oauth2 login in Cordova app, it uses Cordova In-App-Browser Plugin to perform Oauth2 login flow and returns access_token
or error
in callback, along with actual response from the Oauth2 service.
Supports Oauth2 implicit grant flow (client implicit)
_[Implicit grant is recomended for Cordova apps since it does not require app to store clientsecret]
$.oauth2({
auth_url: '', // required
response_type: '', // required - "code"/"token"
token_url: '', // required for response_type ="code"
logout_url: '', // recommended if available
client_id: '', // required
client_secret: '', // required for response_type ="code"
redirect_uri: '', // required - any dummy url http://www.yourcompany.com
other_params: {} // optional params object for scope, state, ...
}, function(token, response){
// do something with token or response
}, function(error, response){
// do something with error object
});
Example Oauth2 Calls:
1) Facebook Oauth2 (Implicit grant):
Notice that token_url
and client_secret
is not required for Implicit grant and logout_url
is not specified since facebook does not not have a logout url. Facebook also required a special display
parameter to be passed in the URL, this is specified in the other_params
. The first callback function will return the access_token
which can be passed to another function to save and make other API calls. The second callback function handle any errors.
$.oauth2({
auth_url: 'https://www.facebook.com/dialog/oauth',
response_type: 'token',
client_id: 'CLIENT-ID-FROM-FACEBOOK',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'basic_info', display: 'popup'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
});
2) Google Oauth2 (Implicit grant):
Notice that token_url
and client_secret
is not required for Implicit grant and logout_url
is specified, this will make sure that Google logout is called before showing Google login option.
$.oauth2({
auth_url: 'https://accounts.google.com/o/oauth2/auth',
response_type: 'token',
logout_url: 'https://accounts.google.com/logout',
client_id: 'CLIENT-ID-FROM-GOOGLE',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'profile'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
});
3) LinkedIn Oauth2 (Authorization code grant):
This example show how to make LinkedIn Oauth2 call, notice the scope
parameter is sepcified in the other_params
option as an object, linkedIn also requires state
parameter, this is also specified in the other_params
.
WARNING: Authorization code grant is not recomended for Cordova apps since the client_secret
is exposed in the code and anyone can unpack an Adroid APK for example and get your client_secret
. Always check if the service supports Implicit grant type of Oauth2 and use it instead of authorization code grant for your Cordova app.
$.oauth2({
auth_url: 'https://www.linkedin.com/uas/oauth2/authorization',
response_type: 'code',
token_url: 'https://www.linkedin.com/uas/oauth2/accessToken',
client_id: 'CLIENT-ID-FROM-LINKEDIN',
client_secret: 'CLIENT-SECRET-FROM-LINKEDIN',
redirect_uri: 'http://www.yourwebsite.com/redirect',
other_params: {scope: 'r_basicprofile', state: 'somethingrandom1234'}
}, function(token, response){
makeAPICalls(token);
}, function(error, response){
alert(error);
});
1. Build App using Intel XDK:
client_id
, client_secret
, ...) for the service you want to test.2. Build App using Phonegap build:
client_id
, client_secret
, ...) for the service you want to test.index.html
, cordova.oauth2.js
and config.xml
.3. Build App using Cordova CLI:
These Oauth2 services have been tested with this plugin sucessfully:
here is example code
* Let me know if any service is not working, feel free to send any pull-request for improvements.