DEV Community


Posted on

OAuth CodeFlow without redirection

I wanted to implement OAuth 2 Code Flow with PKCE by help of IdentityServer. Currently, mobile users put their user/password only in the mobile app. They do not redirect to other pages via browsers or popups. When I use Postman to test APIs, I just call some APIs to get access token. I want no major changes on this part too. I do not like a call back endpoint in my side or a popup window in the postman.
Seems that Code Flow cannot be implemented without redirections. In the other hands, the user/pass should be entered in the authentication provider directly. My searches for followings was not helpful:

  • identityserver oauth2 code flow login without redirect
  • identityserver code flow embed login page

A work-around is to embed login page but not sure if it is possible. Postman has an internal mechanism for oauth 2 logging in. It includes entering clientId and client secret then a popup is opened to enter user/pass. However, I was in search of simulating this by several API calls. As my back-end is .Net, I tried to use IdentityServer. I used templates to create a sample application.

Useful resources I found during this search:

Top comments (0)