Authorization Middleware - hippogamesunity/SimpleSignIn GitHub Wiki
Platforms that implement OAuth 2.0 can return data (such as auth codes) by redirecting to a Redirect URI, with the data passed as parameters using GET or POST. The web page where users sign in is called the Authorization Endpoint, and the process of returning data is called the OAuth Redirect.
Some platforms, like Google, Apple, Microsoft or X, support deep links as the Redirect URI, so they can transfer auth codes directly to your app. Other platforms, like Facebook or Telegram, require the Redirect URI to use the https protocol, which means they can only return auth codes to websites. On the other hand, some platforms like WebGL don't support deep linking at all. In these cases we need an Authorization Middleware that handles the redirect from the Authorization Endpoint and forwards the data to your app (using deep linking, or with a web request from the app when it's activated).
How does it work?
- The app creates a random unique `state` (which can be a GUID). It will also be required later for building the URL to the Authorization Endpoint.
- The app initializes the Authorization Middleware with `state` and `redirectUri` (both values are only saved temporarily). `redirectUri` is a deep link used to return data to your app (or it's empty when deep linking is not supported).
- The app navigates the user to the Authorization Endpoint, where the user performs sign-in.
- The Authorization Endpoint performs the OAuth Redirect to the Authorization Middleware and returns `state` and `code` in URL params. Some platforms may return additional data like `id_token` or user info.
- The Authorization Middleware checks whether `state` is valid (was previously initialized) and performs one of the following actions:
  - Redirects the received data with deep linking if `redirectUri` is not empty (for Android, iOS, macOS, UWP and Windows).
  - Temporarily saves the received data if `redirectUri` is empty (for WebGL and Editor). In this case the user is asked to return to the app manually, and the app makes a web request to the Authorization Middleware to download the data when activated.
Feel free to refer to our source code. You can deploy OAuthController as part of your ASP.NET website, or use it as an example to implement the Authorization Middleware in another programming language.
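The flow above modelled in Python, as an added example that is not the project's OAuthController code. The class and method names, the `myapp://oauth` deep link, the sample codes, the 5-minute lifetime and the accept-once handling of `state` and saved data are assumptions made for illustration; the page only says the values are saved temporarily.

```python
import time
import uuid
from urllib.parse import urlencode

TTL_SECONDS = 300  # assumption: the page only says values are saved temporarily


class AuthorizationMiddleware:
    """In-memory model of the middleware; class and method names are hypothetical."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # state -> (redirect_uri, expires_at)
        self._saved = {}    # state -> (params, expires_at), used when redirect_uri is empty

    def init(self, state, redirect_uri=""):
        # Step 2: remember state and redirectUri before the user is sent to sign in.
        if not state or state in self._pending:
            raise ValueError("state must be new and non-empty")
        self._pending[state] = (redirect_uri, self._clock() + TTL_SECONDS)

    def callback(self, params):
        # Steps 4-5: handle the OAuth Redirect from the Authorization Endpoint.
        entry = self._pending.pop(params.get("state"), None)  # a state is accepted once
        if entry is None or self._clock() > entry[1]:
            return 400, "unknown or expired state"
        redirect_uri, _ = entry
        if redirect_uri:
            # Deep linking supported: forward everything that was received.
            sep = "&" if "?" in redirect_uri else "?"
            return 302, redirect_uri + sep + urlencode(params)
        # No deep linking: keep the data until the app asks for it.
        self._saved[params["state"]] = (dict(params), self._clock() + TTL_SECONDS)
        return 200, "Sign-in complete, return to the app."

    def download(self, state):
        # Web request the app makes when it is activated again; data is handed out once.
        params, expires_at = self._saved.pop(state, (None, 0))
        return params if params is not None and self._clock() <= expires_at else None


def demo():
    mw = AuthorizationMiddleware()
    s1, s2 = str(uuid.uuid4()), str(uuid.uuid4())   # step 1: random unique state
    mw.init(s1, "myapp://oauth")                    # constructed deep link
    mw.init(s2)                                     # WebGL/Editor: empty redirectUri
    deep = mw.callback({"state": s1, "code": "sample-code-1"})
    saved = mw.callback({"state": s2, "code": "sample-code-2"})
    replay = mw.callback({"state": s1, "code": "sample-code-1"})
    return deep, saved, mw.download(s2), mw.download(s2), replay
```

`demo()` returns the deep-link redirect, the saved-data response, the first and second download results, and the outcome of replaying an already used `state`.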