Native iOS App - OAuth 2.0 Authorization Code Flow

API API Clients
1

Hello,

Currently, my company has a native iOS app that leverages your V1 RESTful API, authorizing via the API Token. When a user logs in for the first time, the app calls the Authorizations endpoint in order to obtain the proper API token, and subsequently communicate with your V1 API. The Authorizations endpoint has since been deprecated and will be removed in December 2019.

We are now looking to point the iOS app’s data services towards your API-proxy (OAuth, etc.). This would entail a “private” app. I am assuming most of your approval process is for web-based “apps”, that can properly store a Client Secret. How would I successfully navigate the approval process for a private iOS integrated app?

Do you have an OAuth 2.0 Flow that adheres to the following “OAuth 2.0 for Native Apps” Best Current Practice (https://tools.ietf.org/html/rfc8252

Thank you in advance for your help.

2

Hello Nick,

The OAuth 2 flow is a standard one. It’s on you to make sure you use best practices while implementing it for your app.

The authorization process should happen in the browser (webview).

53
Screen Shot 2019-05-24 at 13.05.53.png1308×288 11.6 KB

You can store the token on your server and then either:

  1. request it when you need to make an API call and contact Pipedrive from the app, or
  2. contact Pipedrive through your server.

Method 1

46
Screen Shot 2019-05-24 at 13.05.46.png1106×742 15.9 KB

Method 2
42
Screen Shot 2019-05-24 at 13.05.42.png1264×460 13.1 KB

For personal preference, I would go for #2.

Let’s see if someone else has something to add.

Hope that helps :slight_smile:

1 Like