What’s a redirect URI? How does it apply to an iOS app for OAuth2.0?

Beginner programmer here, please pardon ignorance & explanations will be really nice 🙂 I’ve tried to read the tutorials for a certain OAuth 2.0 service, but I don’t understand this redirect URI… in my particular context, let’s say I’m trying to build an iPhone app that uses OAuth 2.0 for some service. I have an …

What is the purpose of a “Refresh Token”?

I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so it’s been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated with YouTube, it gave me a Refresh Token. I …

Refreshing OAuth token using Retrofit without modifying all calls

We are using Retrofit in our Android app to communicate with an OAuth2 secured server. Everything works great; we use the RequestInterceptor to include the access token with each call. However, there will be times when the access token will expire, and the token needs to be refreshed. When the token expires, the next call …

OAuth 2.0: Benefits and use cases — why?

Could anyone explain what’s good about OAuth2 and why we should implement it? I ask because I’m a bit confused about it — here are my current thoughts: OAuth1 (more precisely HMAC) requests seem logical, easy to understand, easy to develop and really, really secure. OAuth2, instead, brings authorization requests, access tokens and refresh tokens, and …

Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?

With the “Implicit” flow the client (likely a browser) will get an access token, after the Resource Owner (i.e. the user) gave access. With the “Authorization Code” flow however, the client (usually a web server) does only get an authorization code after the Resource Owner (i.e. the user) gave access. With that authorization code the …