I’m new to OAuth and having trouble visualizing the process behind how it works.
From what I understand, when I attempt to verify credentials via OAuth, I send a request to the login server, which takes over and has the user log in on the site itself. If credentials were valid, the callback URL of the OAuth request is then visited, and a token is attached to the callback URL. This token must be passed with all future HTTP requests to the server, and serves as validation of the user’s credentials.
Where I am confused is, how do I adapt this process for a desktop application with no server? What do I use for a callback URL, and how do I retrieve the token if I’m just running a .NET application on my desktop?
Thanks!
It depends on what service providers you want to support.
Google has a good description of how to use OAuth 2.0 with ‘installed applications’ here:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
In general, there are a few different strategies:
If your OAuth 2.0 provider doesn’t support OOB, you can also redirect to a web server which you own to accomplish a similar task.
The biggest question is whether you’re doing this for authentication (getting the user’s identity) or authorization (getting access to the user’s data via a web API). If you’re trying to authenticate the user, you’ll need some server-side logic you can trust to pass the authorization code or access token for validation.
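As an added example (not part of the original answer), here is one way a desktop application with no server can receive the callback: it listens briefly on a loopback address and uses that as the redirect URI for the authorization code flow. It is written in Python; the same steps map onto `HttpListener` in .NET. Assumptions: the provider accepts a loopback redirect URI and the standard `state` parameter, and `provider.example`, `desktop-client-id`, the `/cb` path and all function names are placeholders.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholders: use your provider's real endpoint and registered client id.
AUTH_ENDPOINT = "https://provider.example/oauth2/auth"
CLIENT_ID = "desktop-client-id"

def build_auth_url(redirect_uri, state):
    """URL to open in the user's browser to start the authorization code flow."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTH_ENDPOINT}?{query}"

def parse_callback(request_target, expected_state):
    """Return the authorization code from the callback, or raise ValueError."""
    params = parse_qs(urlsplit(request_target).query)
    state = params.get("state", [""])[0]
    # Reject any callback that does not echo the state this process generated.
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("provider returned: " + params.get("error", ["no code"])[0])
    return params["code"][0]

class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            self.server.code = parse_callback(self.path, self.server.expected_state)
        except ValueError as exc:
            self.server.error = str(exc)
        self.send_response(200 if self.server.code else 400)
        self.end_headers()
        self.wfile.write(b"You can close this window and return to the application.")

    def log_message(self, *args):
        pass  # default logging would print the code-bearing URL to stderr

def obtain_code(open_browser):
    """Run one sign-in: listen on loopback, open the browser, return the code."""
    state = secrets.token_urlsafe(32)
    server = HTTPServer(("127.0.0.1", 0), CallbackHandler)  # port 0: OS picks one
    server.expected_state, server.code, server.error = state, None, None
    open_browser(build_auth_url(f"http://127.0.0.1:{server.server_port}/cb", state))
    server.handle_request()  # blocks until the browser is redirected back
    server.server_close()
    if server.error:
        raise ValueError(server.error)
    return server.code
```

Calling `obtain_code(webbrowser.open)` runs one sign-in; the returned code is then exchanged for tokens at the provider's token endpoint.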