What's a redirect URI? how does it apply to iOS app for OAuth2.0?

Asked 8/11, 2012 at 1:22 Answered 3/9, 2015 at 11:51

199

Beginner programmer here, please pardon ignorance & explanations will be really nice :)

I've tried to read the tutorials for a certain OAuth 2.0 service, but I don't understand this redirect URI... in my particular context, let's say I'm trying to build an iPhone app that uses OAuth 2.0 for some service. I have an App ID that was generated, but i need to provide some sort of redirect URI to generate the API key.

Is this a URL that I'm supposed to host somewhere myself?? As the name suggests, I would think that the redirect URL is supposed to "redirect" someone somewhere. My only guess is that it's the URL a user is redirected to after they log in to the service.

However, even if that assumption is correct, I don't understand one other thing - how can my app be opened again after I've sent them to the browser for the user login?

Sutphin answered 8/11, 2012 at 1:22 Comment(0)

203

Read this:

http://www.quora.com/OAuth-2-0/How-does-OAuth-2-0-work

or an even simpler but quick explanation:

http://agileanswer.blogspot.se/2012/08/oauth-20-for-my-ninth-grader.html

The redirect URI is the callback entry point of the app. Think about how OAuth for Facebook works - after end user accepts permissions, "something" has to be called by Facebook to get back to the app, and that "something" is the redirect URI. Furthermore, the redirect URI should be different than the initial entry point of the app.

The other key point to this puzzle is that you could launch your app from a URL given to a webview. To do this, i simply followed the guide on here:

http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html

and

http://inchoo.net/mobile-development/iphone-development/launching-application-via-url-scheme/

note: on those last 2 links, "http://" works in opening mobile safari but "tel://" doesn't work in simulator

in the first app, I call

[[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"secondApp://"]];

In my second app, I register "secondApp" (and NOT "secondApp://") as the name of URL Scheme, with my company as the URL identifier.

Sutphin answered 9/11, 2012 at 13:28 Comment(10)

So, you do need to set up your own web site given in the redirect_uri, is that correct? – Kellda 1/9, 2014 at 5:7

@Kellda in the context of iOS apps - no, fortunately, you don't need your own website. you just need to realize that your iOS app can be opened from a URL given to the web browser. read: iosdevelopertips.com/cocoa/… – Sutphin 3/9, 2014 at 0:14

and why doesnt secondApp:// doesn't work as URL? I ran into same error, and realized that :// doesn't work, but haven't figured out the why yet – Prothesis 1/4, 2015 at 6:29

@Prothesis it probably adds that "://" for you already. so you only need to scheme name – Sutphin 1/4, 2015 at 19:11

@Atieh i didn't. but similar concept applies. you can register your app to parse & accept a custom URL scheme, and route that directly to an Activity which accepts that custom intent. – Sutphin 11/5, 2015 at 22:44

someone pls fix this answer -- architecture-soa-bpm-eai.blogspot.com.br/2012/08/… does not exist anymore – Gleet 11/3, 2016 at 21:28

I am implementing oAuth server. Im stuck at the point at which I have to close my dialogue and send the client to redirect URI. Any help would be much appreciated. – City 15/5, 2016 at 13:48

Hi @DavidT. great answer. They only concern, and hope you can save me, is how to configure schemes for URI's that are forced to use http://, such as [YouTube, Instagram, LinkedIn] ? I tried to register for example http://localhost/oauth2callback redirect, and the scheme http, localhost, or oauth2callback but non of them work – Beutner 15/11, 2016 at 9:50

@TalZion you should probably ask that as a separate question so that you can provide more details and more people can look at it. but basically, those HTTP ones are given by the system typically. see: developer.apple.com/library/content/documentation/iPhone/… – Sutphin 16/11, 2016 at 1:5

what is the redirect_uri in Mobile App flow when it wants to send the credentials (i.e. access token and refresh token) toward the backend side? is it my backend endpoint or something related to the mobile app? – Avigation 23/7, 2022 at 13:43

Take a look at OAuth 2.0 playground.You will get an overview of the protocol.It is basically an environment(like any app) that shows you the steps involved in the protocol.

https://developers.google.com/oauthplayground/

Iapetus answered 3/9, 2015 at 11:51 Comment(0)

redirected uri is the location where the user will be redirected after successfully login to your app. for example to get access token for your app in facebook you need to subimt redirected uri which is nothing only the app Domain that your provide when you create your facebook app.

Bowlder answered 30/5, 2014 at 7:20 Comment(1)

If you are using Facebook SDK, you don't need to bother yourself to enter anything for redirect URI on the app management page of facebook. Just setup a URL scheme for your iOS app. The URL scheme of your app should be a value "fbxxxxxxxxxxx" where xxxxxxxxxxx is your app id as identified on facebook. To setup URL scheme for your iOS app, go to info tab of your app settings and add URL Type.

Thyratron answered 25/6, 2014 at 12:8 Comment(0)

Recommended topics

Hot tags