Anyone have any experience with Snapchat login with OAuth2?
From what I know, the Authorization Code Flow goes like this:
Server sends the client a URL to Authorize, and the server returns an Authorization Code to the client, the client sends it to the server, then the server requests an access token from the auth server and uses it to request data.

Snapchat's iOS library gets you the access token and data directly. (It gets the code too, but it gets the token without the client secret.)


And so the front end is telling me that I need to accept the Snapchat access token for Authorization. Is this okay to do? This wouldn't really be following the Authorization token flow anymore. What flow would this be then? Maybe Snapchat just doesn't use OAuth2. They use GraphQL instead of REST for user data anyway (which is only 3 fields btw. Idk why they do this)

Also, would this be a security issue? Normally to get the access token, a client secret is required, but not for Snapchat.
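Added example, not part of the original post and not Snapchat's code: RFC 7636 (PKCE) is the standard OAuth2 way for a mobile app to redeem an authorization code without a client secret, and the sketch below shows that exchange plus the check a backend should make before trusting a token handed to it by a client. That Snapchat's library works this way is an assumption; `ToyAuthServer`, `introspect`, `backend_accepts` and the client ids are hypothetical names built for the demo.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Client side: random code_verifier and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


class ToyAuthServer:
    """In-memory stand-in for an authorization server (hypothetical)."""

    def __init__(self):
        self._codes = {}   # code -> (client_id, code_challenge)
        self._tokens = {}  # access token -> client_id it was issued to

    def authorize(self, client_id, code_challenge):
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id, code, code_verifier):
        # Codes are single use: pop before checking, so a failed try burns it.
        bound_client, challenge = self._codes.pop(code, (None, ""))
        digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
        # The verifier proves possession instead of a client secret.
        if bound_client != client_id or not hmac.compare_digest(b64url(digest), challenge):
            return None
        access_token = secrets.token_urlsafe(24)
        self._tokens[access_token] = client_id
        return access_token

    def introspect(self, access_token):
        return self._tokens.get(access_token)


def backend_accepts(server, access_token, our_client_id):
    """Backend side: accept a client-supplied token only if the auth
    server confirms it exists and was issued to our own app."""
    return server.introspect(access_token) == our_client_id
```

A backend that takes the token from the client without a check like `backend_accepts` would also accept a token minted for a different app.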
