Google OAuth for IOS

Jswan

Hi all! Bit of dissonance in the Google OAuth 2.0 flow & the marketplace Extension directions for mobile apps.

1. If you're developing for mobile, Google doesn't offer a client secret. Should I leave that field blank in the env variables?
2. And what to put for the redirect URI, which it looks like I pass along in the body of my GET request to /oauth/google/init?

I followed the live demo, which led to:
"Redirect URI: https://demo.xano.com/xano-google-oauth/assets/oauth/google/index.html
This value would change to your own hostname if you were using this extension within your own project."

So seems like the answer to (2) is my "hostname", but where's that stored? Is hostname just my project Base URL?

Jswan

Thanks @Chris Coleman ! Circling way back on this one… Appreciate the help.

Ended up solving this by not relying on any sort of mobile client ID. Just went web client ID for everything (we'll see how far that strategy takes me). A distant bell rings from when I was using Adalo as my frontend that that's how they do things as well… but I'm not confident about that.

And just for future reference, here's what it looks like to create a mobile client ID in the Google Cloud Console > Credentials

No redirect URIs. No client secrets.

Some mention of the differences between mobile + web for Google client IDs may be useful to people using XANO's Google OAuth extension. You'll see some confusion in the comment section of Michael's walkthrough vid on YouTube, as well.

Thanks!

Chris Coleman

Hi @Jswan

1. I'm not the best source of information for this question, but it seems the issue could be that in some cases for a mobile app you would be storing the client secret on the device itself, which is not recommended for obvious reasons. See more here.
2. Your redirect URI is where a user will be sent after a successful login on your front-end.