I am developing an application using Supabase, Flutter and Google OAuth and I would like to know if it is possible to have a single clientId and clientSecret for each device type (iOS, Android and web) so that I don't have to implement a different authentication workflow for each device.
I have tried looking around the Google Console to see if it is possible to create a single authentication API for multiple devices. I also tried searching online.
CodePudding user response:
There are several types of OAuth2 clients.
- installed app client (for applications run on the machine)
- web app clients (for applications run on web servers)
- Android app clients (for applications run on Android devices)
- iOS app clients (for applications run on iOS devices)
The authorization method for these three types is different, and the code used to authorize them is also different. They cannot be mixed.
- Android app requires SHA-1 certificate fingerprint
- iOS app requires App Store ID
- web app requires a redirect URI
So the answer is no, you cannot create one type of credential to work with Android, iOS and web; you need three different credential types.
A bit of SDK magic
If a user authorizes your web app, they may not need to authorize your Android and iOS apps, as long as the credentials are all part of the same project on Google developer console.
Last I checked, this is not true the other way around: if a user authorizes Android or iOS first and then tries web, they will need to authorize again.
My guess is this is something baked into the Android and iOS SDKs on Google's side that is not part of the respective client libraries for web. Either that or it's something in the authorization code grant that isn't in the mobile code grant type for OAuth2. I have never bothered to dig too far into it.
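
The per-platform requirements listed in the answer above can be checked before a build ships. The following is an added example, not part of the original answer: it lints a set of client registrations for the identifier each platform needs and flags a client ID reused across platforms. The field names, sample values and format checks (colon-separated SHA-1, numeric App Store ID, HTTPS redirect URI without a fragment) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Identifier each client type must carry, as listed in the answer above.
# The field names are hypothetical, not Google's or Supabase's schema.
REQUIRED_FIELD = {
    "android": "sha1_fingerprint",
    "ios": "app_store_id",
    "web": "redirect_uri",
}
# Assumed format: 20 hex bytes separated by colons, as keytool prints them.
SHA1_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}")

def field_ok(platform, value):
    """Format check for the platform-specific identifier (assumed formats)."""
    if platform == "android":
        return bool(SHA1_RE.fullmatch(value))
    if platform == "ios":
        return value.isascii() and value.isdigit()
    uri = urlsplit(value)  # web: HTTPS (or HTTP on localhost), no fragment
    local = uri.hostname in ("localhost", "127.0.0.1")
    scheme_ok = uri.scheme == "https" or (uri.scheme == "http" and local)
    return bool(uri.hostname) and scheme_ok and not uri.fragment

def lint_clients(clients):
    """Return the problems found in a {platform: registration} mapping."""
    problems, owner = [], {}
    for platform, field in REQUIRED_FIELD.items():
        reg = clients.get(platform)
        if reg is None:
            problems.append(f"{platform}: no client registered")
            continue
        value = reg.get(field, "")
        if not value or not field_ok(platform, value):
            problems.append(f"{platform}: missing or malformed {field}")
        cid = reg.get("client_id", "")
        if not cid:
            problems.append(f"{platform}: missing client_id")
        elif cid in owner:
            problems.append(f"{platform}: client_id reused from {owner[cid]}")
        owner.setdefault(cid, platform)
    return problems

# Constructed sample registrations, not real credentials.
GOOD = {
    "android": {"client_id": "android-client.example", "sha1_fingerprint": ":".join(["AB"] * 20)},
    "ios": {"client_id": "ios-client.example", "app_store_id": "1234567890"},
    "web": {"client_id": "web-client.example", "redirect_uri": "https://app.example/auth/callback"},
}
SHARED = {p: {"client_id": "one-client.example"} for p in REQUIRED_FIELD}
```

`lint_clients(GOOD)` returns an empty list, while `lint_clients(SHARED)` reports the missing platform identifiers and the client ID reused on iOS and web.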