How to Set Up OAuth

This page shows you how to set up OAuth using a generic OAuth provider.  Click here to see how to set up OAuth with Instagram.

***Before starting this process, be sure you have collected all the information you need from your OAuth provider.

 

Step-by-step guide

1. Enable OAuth as the Access Method.

  • In the MobileSmith platform, go to your app project.
  • Open the App Stores menu.
  • Click “App Settings”.
  • Open the Access Method dropdown and select “OAuth”.
  • Click “Apply”.

 

2. Choose a Validation Check option.

  • In the MobileSmith platform, go to your app project.
  • Open the AppBlocks menu.
  • Click "Access Manager".
  • Under "Access Manager", click "Configuration".
  • In the Validation Check section, you have two options to choose from:
    • "Check the validity of the user's access token only when they attempt to access secure data that requires a valid access token."
      • This means that, after the initial login, the app user will only need to log in again when the access token expires.  If your OAuth server uses tokens with a long expiration time, app users will not have to log in very often.  This option provides a little more convenience and a little less security.
    • "Check the validity of the user's access token every time they open the app, regardless of the data they are attempting to access, i.e. verify that user has access to the app as a whole."
      • This means that the app user will need to log in every time they open the app, regardless of whether or not the access token has expired.  This option provides a little more security and a little less convenience.



3. Obtain the two ‘Redirect URI’ fields.

  • In the MobileSmith platform, go to your app project.
  • Open the AppBlocks menu.
  • Click “Access Manager”.
  • Under “Access Manager”, click “Configuration”.
  • Below the Validation Check section, you will see a ‘Device Redirect URI’ and a ‘Platform Redirect URI’. Copy and paste these into a document or simply leave the browser tab open.


4. Register the app with your OAuth Provider.

  • Go to your OAuth provider.
  • If your provider accepts multiple Redirect URIs per client (see question #1), include both Redirect URIs (Platform and Device) when you register. If your provider does not accept multiple Redirect URIs per client, register once using the Platform Redirect URI and once using the Device Redirect URI.

 

5. Find your Client ID(s) and Client Secret(s)

  • Find your Client ID(s). Copy and paste into a document or simply leave the browser tab open.
  • Find your Client Secret(s), if applicable (see question #6). Copy and paste into a document or simply leave the browser tab open.

 

6. Indicate whether or not your provider accepts multiple Redirect URIs.

  • In the MobileSmith platform, go to your app project.
  • Go to AppBlocks > Access Manager > Configuration.
  • If your provider accepts multiple Redirect URIs (see question #1), do not check the “My OAuth provider only accepts one Redirect URI per client” checkbox.
  • If your provider does not accept multiple Redirect URIs, check the “My OAuth provider only accepts one Redirect URI per client” checkbox.

 

 

7. Select the Response Type

  • In the MobileSmith platform, select either “Explicit” or “Implicit” for the ‘Response Type’ field (see question #4).

 

8. Enter the base Auth URL

 

 

9. Enter the Client ID(s) and Client Secret(s)

  • Find your Client ID (see question #3) and copy it.
  • In the MobileSmith platform, paste into the ‘Client ID’ field.
  • If you have a second Client ID, copy it and paste it into the ‘Platform Client ID’ field.
  • Find your Client Secret (see question #6) and copy it.
  • In the MobileSmith platform, paste into the ‘Client Secret’ field.
  • If you have a second Client Secret, copy it and paste it into the ‘Platform Client Secret’ field.

 

 

10. Enter the Access URL (Explicit only)

  • Find your provider’s Access URL (see question #5) and copy it.
  • In the MobileSmith platform, paste into the ‘Access URL’ field.

 

11. Enter the Scope data (Optional)

  • In the MobileSmith platform, enter Scope data in the “Scope” field.

 

 

12. Set the token settings

  • Select “Header” or “URL” for the ‘Send the Token in’ field (see question #8).
  • If you selected “URL”, find what your provider needs the token sent as (see question #9) and enter it in the ‘Send the Token as’ field.

 

 

13. Authenticate

  • On the Access Manager configuration page (MobileSmith), click “Verify”. This will save your settings and initiate the platform authentication process.
  • Depending on the OAuth provider, you may see a popup asking you to log in and/or authorize.
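
As an added illustration (not MobileSmith code), this Python sketch shows what the settings from steps 7 to 12 become in a standard OAuth 2.0 exchange: the login URL built from the Auth URL, and the access token placed in a header or in the URL. The URLs, IDs, the mapping of "Explicit"/"Implicit" to `code`/`token`, the `Bearer` header scheme and the `state` parameter are assumptions. A token sent in the URL is recorded wherever URLs are logged, so the last function masks it first.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Constructed sample settings; every URL, ID and name below is a placeholder.
CONFIG = {
    "auth_url": "https://auth.example.com/oauth/authorize",  # step 8
    "response_type": "Explicit",       # step 7: "Explicit" or "Implicit"
    "client_id": "device-client-id",   # step 9
    "scope": "profile",                # step 11 (optional)
    "send_token_in": "URL",            # step 12: "Header" or "URL"
    "send_token_as": "access_token",   # step 12: used only for "URL"
}

# Assumed mapping to the standard OAuth 2.0 response_type values.
RESPONSE_TYPES = {"Explicit": "code", "Implicit": "token"}


def authorization_url(cfg, redirect_uri, state):
    """Build the login URL the user is sent to at the provider."""
    params = {
        "response_type": RESPONSE_TYPES[cfg["response_type"]],
        "client_id": cfg["client_id"],
        "redirect_uri": redirect_uri,
        "state": state,  # echoed back by the provider; the client compares it
    }
    if cfg.get("scope"):
        params["scope"] = cfg["scope"]
    return cfg["auth_url"] + "?" + urlencode(params)


def attach_token(cfg, url, token):
    """Return (url, headers) with the access token placed per step 12."""
    if cfg["send_token_in"] == "Header":
        return url, {"Authorization": "Bearer " + token}
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append((cfg["send_token_as"], token))
    return urlunsplit(parts._replace(query=urlencode(query))), {}


def redact_for_log(cfg, url):
    """Mask the token parameter before a URL is written to a log."""
    parts = urlsplit(url)
    name = cfg["send_token_as"]
    query = [(k, "REDACTED" if k == name else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```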

 

**NOTE: For a single OAuth provider, the Auth URL, Access URL, and Token settings will be the same for every app, while the Client ID and Client Secret will be different. For example, if you created two separate apps in the MobileSmith platform and wanted to use Instagram as the OAuth provider for both apps, you would use the exact same Auth URL, Access URL, and Token settings in both of your apps. You would need to register each app separately with Instagram, which would give you two different Client IDs and two different Client Secrets.

The Redirect URI is used for two purposes:

  • First, you will need it to register the app with the Auth Provider.
  • Second, it will be used by the Auth Provider to ‘redirect’ a user (once successfully authenticated) from the login page back to the app.

 

**NOTE: There are two Redirect URI fields. One is to allow the platform (in the browser) to confirm that your OAuth settings are correct. The other will be used by the app once installed on a mobile device.
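
The registration rule behind steps 4, 6 and 9, as an added Python model (not MobileSmith or provider code): the provider returns the user only to a Redirect URI registered for the client ID in the request, so a one-URI-per-client provider needs a second client for the Platform Redirect URI. The URIs, client IDs, the exact-match comparison and the way the 'Client ID' and 'Platform Client ID' fields are selected are assumptions.

```python
# Constructed sample values; all IDs and URIs are placeholders.
DEVICE_URI = "myapp://oauth/callback"
PLATFORM_URI = "https://platform.example.com/oauth/callback"

# Provider that accepts several Redirect URIs per client: one registration.
MULTI = {"client-a": {DEVICE_URI, PLATFORM_URI}}
# Provider that accepts one Redirect URI per client: two registrations.
SINGLE = {"client-device": {DEVICE_URI}, "client-platform": {PLATFORM_URI}}


def redirect_allowed(registry, client_id, redirect_uri):
    """Provider-side check, modelled as an exact string comparison."""
    return redirect_uri in registry.get(client_id, set())


def request_params(settings, target):
    """Pick the client ID and Redirect URI for 'device' or 'platform'."""
    uri = DEVICE_URI if target == "device" else PLATFORM_URI
    # Assumed behaviour: with the step 6 checkbox ticked, platform
    # verification uses the 'Platform Client ID' field from step 9.
    if settings["one_uri_per_client"] and target == "platform":
        return settings["platform_client_id"], uri
    return settings["client_id"], uri


def login_redirect(registry, settings, target):
    """Return where the provider sends the user after login, or None."""
    client_id, uri = request_params(settings, target)
    return uri if redirect_allowed(registry, client_id, uri) else None
```

With the checkbox left unticked against a one-URI-per-client provider, `login_redirect` returns `None` for the platform check, because the device client was never registered with the Platform Redirect URI.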

 

Click here to see the above steps used with Instagram.