Issue #360 resolved

Registration 2.1 - What is application_type (native, web) used for?

Michael Jones avatarMichael Jones created an issue

What is the parameter application_type (native, web) used for? Why does this matter and shouldn’t this be specified in terms of the different protocols behaviors and not in terms of some classification system for clients? E.g. do they use implicit or not?

Comments (11)

  1. gffletch

    The behavior implications of 'native' or 'web' are related to issue #539. The main reason for knowing whether an application is 'native' or 'web' revolve around whether to provide the application with "offline access". However, the distinction is also useful in addressing "malicious" activity. For example, if a token shows up at an API with an HTTP referrer header and the token is associated with a client_id of a native app, it is a little unusual and worth tracking/investigating.

    Proposed text:

    application_type OPTIONAL. The defined values are 'native' and 'web' where 'native' is used for those applications that run natively on a device as distinguished from 'web' where the application runs in a web browser (either directly within the browser or as driven by a web server).

  2. John Bradley

    https://developers.google.com/console/help/#generatingoauth2

    Google defines 3 options:

    Web applications Service accounts Installed applications

    Web Apps require a redirect URI be registered and can use Implicit, code. Service accounts are Server to server and uses something like the JWT assertion profile with an asymetric key. Installed applications are code flow only and have options for using localhost or returning the code in the title bar.

  3. John Bradley

    Fixes #360 Made application_type REQUIRED and added a explanation about redirect_uris registration. Web apps must use https: scheme URI and native must use custom scheme or local host. This prevents the blame client ID from being used for two very different applications.

    520d83b0928a

  4. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.