OAuth2 in Apache Cordova

Thanks for the post, Jesse. What is https://phonegap.com/authCallback? Just a dummy/placeholder URL? When the user gets redirect back there, doesn’t that endpoint then have the chance to intercept tokens and such? Shouldn’t the user get directed directly back to the mobile application?

By the way, what is the security implication of adding support for custom schemes in InAppBrowser, specifically when the intent is to return to the app that initiated the InAppBrowser to begin with?

Like what you read? Give Ben Botto a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.