Generate server auth code from macOS app about gtmappauth HOT 6 CLOSED

It seems that an auth code for the server can be obtained by applying additionalParameters.

let authRequest = OIDAuthorizationRequest(configuration: GTMAppAuthFetcherAuthorization.configurationForGoogle(),
                                          clientId: "CLIENT_ID",
                                          scopes: scopes,
                                          redirectURL: redirectURL,
                                          responseType: OIDResponseTypeCode,
                                          additionalParameters: ["audience": "SERVER_CLIENT_ID"])
        OIDAuthState.authState(byPresenting: authRequest,
                               presenting:   presenting) { (state, error) in
                                let serverAuthCode = state?.lastTokenResponse?.additionalParameters?["server_code"] as? String
        }

from gtmappauth.

Fast response during triage: I believe the flow you're suggesting is explicitly not supported by the library because transferring tokens to your server this way is not considered best practice. I confess to not looking into your question very hard, and defer to @WilliamDenniss who can provide a canonical answer.

from gtmappauth.

because transferring tokens to your server this way is not considered best practice

Hm, is this true? I believe the flow @thomzon's referring to is this one: https://developers.google.com/identity/sign-in/ios/offline-access, where we get an auth code (serverAuthCode in the doc) that can then be passed to the server.

I'd also like for this library to support server-side (offline) access - I've a macOS app, so it looks like this library suits. However, we use offline access, so we'd like to pass an auth code to the server so it can get refresh + access tokens. This library doesn't seem to support it. (or maybe I'm not looking in the right places for it?)

from gtmappauth.

Closing this since it looks like it has been answered. Thanks @cocavo

from gtmappauth.

@cocavo Setting the audience parameter does get the server_code. However, exchanging the code for tokens on the server results in an invalid_grant/Bad request error. Is there any else we need to do?

from gtmappauth.

Make sure that the client ID you're using on the server is defined as an OAuth 2.0 Client ID of "Web application" type in the Credentials page of Google Cloud Console and that it is in the same project as the "iOS" type client ID that your app is using.

from gtmappauth.