HTTP/1.1 500 Segfault: Building a web server in C

Submitted by Style Pass, 2024-09-23 13:30:04

It feels like every single web service wants to use OAuth to get user data, and for good reason too. The alternatives include requiring users to create access tokens manually (yikes) and asking users to input their usernames/passwords to impersonate them (giga yikes). At least with OAuth, users get to see a pretty screen with a big “Approve” button.

The OAuth spec defines many different auth flows, but I want to focus specifically on Authorization Code with Proof Key for Code Exchange, or PKCE for short. In summary, the steps for PKCE are:

If you’ve implemented OAuth on a web app, you’ve likely already done all of this (though maybe through a library that hides all the inner workings). Native applications run into an issue on step 4, though: how do you redirect from a website to a desktop application?

The extremely platform-dependent answer is to register a custom URI scheme for your application, so something like my-cool-app:callback opens your application with the appropriate intent/parameters. The exact mechanism differs between platforms (Intent Filters on Android, URL Types on iOS/macOS, Registry on Windows), but once you have it set up, the OS deals with launching/notifying your app.
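As an added example (not code from the original post), the sketch below shows the two pieces a native app owns in this flow: generating the PKCE verifier/challenge pair with the S256 method from RFC 7636, and validating the callback URI the OS hands over before using the authorization code. It assumes the callback carries the standard OAuth `code` and `state` query parameters; the function names are hypothetical, and the scheme is the article's `my-cool-app:callback`.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Redirect target from the article's example URI "my-cool-app:callback".
REDIRECT_SCHEME = "my-cool-app"
REDIRECT_PATH = "callback"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def challenge_for(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge); 32 random bytes -> 43 chars."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, challenge_for(verifier)


def parse_callback(uri: str, expected_state: str) -> str:
    """Validate a redirect URI delivered by the OS and return the auth code."""
    parts = urlsplit(uri)
    if parts.scheme != REDIRECT_SCHEME or parts.netloc or parts.path != REDIRECT_PATH:
        raise ValueError("redirect is not addressed to this app's callback")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError("authorization server returned an error")
    code, state = params.get("code", []), params.get("state", [])
    # Exactly one value each: duplicated parameters are rejected, not guessed at.
    if len(code) != 1 or len(state) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    return code[0]


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    print("code_challenge to send with the authorization request:", challenge)
    # Constructed sample callback, as the OS would pass it to the app.
    print(parse_callback("my-cool-app:callback?code=abc123&state=s1", "s1"))
```

The verifier stays in the app's memory and is sent only with the token request, so an authorization code on its own is not enough to obtain tokens.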
