I need to support an iOS app and it would be way more convenient to be able to set a custom URL scheme as redirect URI under my client settings. So instead of http:// or https:// I would like to use customapp://. Can you please do this change for me?
We currently don’t offer custom URL schemes due to pitfalls that can occur with implementing the authorization code grant OAuth flow on the client side. Some examples are: hardcoding client secrets, not saving the access token (causing users to have to re-auth constantly), and improper handling of the token.
A workaround that I can offer is to have your app talk to a server that handles the OAuth handshake and redirects the client to a custom URL, passing along the access token from the OAuth handshake as a param. This avoids all the above pitfalls.
I see what you mean. Your workaround would work but this is introduces another security risk as you can read on this Apple radar.
Can one of the client libraries be used in conjunction with a mobile client to handle the redirect?