[SOLVED] Can non browser app use OAuth application code grant type

Issue

This Content is from Stack Overflow. Question asked by KareemSK27

We have a requirement to call Snapchat APIs from the non-browser application. These APIs use OAuth for authentication with a grant-type authorization code.

This grant type needs a redirect URI to authenticate with an external application and generate a code that can be used to create tokens.

We don’t have a redirect URI as ours is a non-browser application that needs to pull(GET) data from Snapchat.

How do we generate tokens as we don’t have to redirect URI? Is the autoriation_code grant type suitable for non-browser-based applications?

Refer Snapchat API Specifications for token generation:
https://marketingapi.snapchat.com/docs/#user-auth-via-redirect



Solution

Your application doesn’t have to be a browser, but it does have to support redirection to use the code grant type. From the specification:

https://www.rfc-editor.org/rfc/rfc6749#section-4.1

"The authorization code grant type is used to obtain both access
tokens and refresh tokens and is optimized for confidential clients.
Since this is a redirection-based flow, the client must be capable of
interacting with the resource owner’s user-agent (typically a web
browser) and capable of receiving incoming requests (via redirection)
from the authorization server."

Depending on which stack your application is written in, there may be libraries available to support this.


 This Question was asked in  StackOverflow by  KareemSK27 and Answered by Jason S. It is licensed under the terms of 
CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.
people found this article helpful. What about you?