Comments (6)
Hi @artalat, this is intended by Logto, since your app is a native app, you need to use a reverse domain name notation for your scheme according to the RFC when using OAuth 2.0.
from logto.
Hi @xiaoyijun, thank you for your response. But this disrupts the Expo development process. As Expo's official Expo Go app uses this scheme. In Expo, for managed workflow apps, development is done on Expo Go. So this is a problem.
Besides, if the OS is not enforcing this limitation, why should Logto?
from logto.
@xiaoyijun let's discuss this next week
from logto.
Any update on this?
from logto.
@artalat, on which platform did you execute Expo Go? If it was iOS, you can define a custom redirect URI e.g. app.my//callback and pass it to the AuthSession instead of the default exp://XXXX one, which should unblock your development.
However, I'm afraid that this won't work on Android. Custom redirect URIs might not invoke the Expo Go app correctly on Android.
To conduct testing on Android, you'll need to build an Android package instead of relying on Expo Go, and set the custom scheme in the App.json file. This ensures everything works properly on the production packages.
The private use native client scheme is restricted by the OAuth2.0 spec.
> For private-use URI scheme-based redirects, authorization servers SHOULD enforce the requirement in Section 7.1 that clients use schemes that are reverse domain name based. At a minimum, any private-use URI scheme that doesn't contain a period character (".") SHOULD be rejected.
Let me know if this helps.
from logto.
@simeng-li Thanks for your detailed response, apart from the hassle this causes, my point is if the OS/platform allows setting a scheme without a ".", Logto shouldn't enforce this restriction for those specific OS/Platforms.
from logto.
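The redirect URI rule quoted in this thread, as an added example that is not Logto's code and not part of any comment: a JavaScript check an authorization server could apply to native-client redirect URIs. It goes beyond the quoted period rule to also cover the claimed-https and loopback redirect options of RFC 8252; the function name and every URI used with it are constructed for illustration.

```javascript
// Added example: redirect URI check for native (public) clients per RFC 8252.
// The function name is hypothetical; it is not a Logto or Expo API.
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i; // RFC 3986 scheme grammar
const LOOPBACK_HOSTS = new Set(['127.0.0.1', '[::1]']); // IP literals only

function classifyNativeRedirectUri(uri) {
  const match = SCHEME_RE.exec(uri);
  if (!match) {
    return { ok: false, reason: 'not an absolute URI' };
  }
  const scheme = match[1].toLowerCase();

  if (scheme === 'https') {
    // Section 7.2: claimed "https" scheme redirect.
    return { ok: true, kind: 'claimed-https' };
  }
  if (scheme === 'http') {
    // Section 7.3: plain http is acceptable only on the loopback interface.
    let host;
    try {
      host = new URL(uri).hostname;
    } catch {
      return { ok: false, reason: 'malformed http URI' };
    }
    return LOOPBACK_HOSTS.has(host)
      ? { ok: true, kind: 'loopback' }
      : { ok: false, reason: 'http is only allowed for loopback IP literals' };
  }
  // Sections 7.1 and 8.4: a private-use scheme should be reverse domain name
  // based; at minimum, a scheme without a period is rejected.
  const labels = scheme.split('.');
  if (labels.length < 2 || labels.some((label) => label === '')) {
    return { ok: false, reason: 'private-use scheme is not reverse-domain based' };
  }
  return { ok: true, kind: 'private-use' };
}

// Constructed sample redirect URIs (not taken from the thread).
const samples = [
  'exp://192.0.2.10:8081',            // no period in scheme: rejected
  'com.example.app:/oauth2redirect',  // reverse-domain scheme: accepted
  'http://127.0.0.1:51004/callback',  // loopback: accepted
  'http://example.com/callback',      // non-loopback http: rejected
];
for (const uri of samples) {
  console.log(uri, JSON.stringify(classifyNativeRedirectUri(uri)));
}
```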