Используйте iOS-клиент Google OAuth2 с универсальными ссылками. ⇐ IOS

[Гость]

I'm creating an iOS application with support for Google OAuth2. After enabling OAuth2 in the developer console, I create credentials for an iOS client, but the redirect url (a custom URL scheme) is hardcoded and I cannot change it.

This goes against Apple's recommendation to use Universal Links. This then requires me to either ignore Apple recommendations and use a custom URL scheme, or force me to create a Web server based client, which supports custom redirect URLs but also requires a client secret, and embed that client secret in the app, which is also insecure.

Google's own documentation is not clear and states that

Код: Выделить всё

client_secret

should not be considered secret, but also shouldn't be published

Is there a way to use

Код: Выделить всё

https://

based redirect for iOS clients ? If not, what's the lesser of the two evils in terms of security ?


Источник: https://stackoverflow.com/questions/781 ... rsal-links