Are you looking to add login to your mobile app using WordPress credentials? miniOrange OAuth 2.0 Server/Provider is the solution for you! SSO, or Single Sign-On, has been in use by enterprises for more than a decade. It has been quite popular for web-based applications, but for mobile applications SSO has been an intricate task. Newer approaches use the OAuth 2.0 flow, which allows users to do mobile application SSO seamlessly. A few ways to achieve this are discussed below.
PKCE, or Proof Key for Code Exchange, is a security extension of OAuth 2.0 for mobile application Single Sign-On (SSO) using a WordPress server. It is intended to avoid compromising the client_secret. Instead of the client secret, the flow uses two parameters: the code verifier and the code challenge.
The detailed flow of PKCE is described below:
The aforementioned flow requires the user to be redirected to your WordPress site. This can be done in two ways: you can either open a webview inside your mobile app or redirect users to the browser application.
The Resource Owner Password Grant flow uses the user's credentials (e.g. email and password) directly and sends them in the application's POST request. An id token or access token, together with a refresh token, is then returned to the application. The user information can be fetched by decoding the id_token directly, or by sending an API call to the userinfo endpoint using the access_token.
The detailed flow of the Resource Owner Password Grant is described below:
If you have any questions or want to discuss your use case, please feel free to reach out at firstname.lastname@example.org. We will provide a demo and show you how the solution works, so that you are 100% sure about it before you decide to purchase.