Native App SDK for OAuth 2.0 and OpenID Connect implementing modern best practices
AppAuth is a client SDK for native apps to authenticate and authorize end-users using OAuth 2.0 and OpenID Connect. Available for iOS, macOS, Android and Native JS environments, it implements modern security and usability best practices for native app authentication and authorization.
It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens.
It follows the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps including using in-app browser tabs (like SFAuthenticationSession and Android Custom Tabs) where available. Embedded user-agents (known as web-views) are explicitly not supported due to the usability and security reasons documented in Section 8.12 of RFC 8252.
It also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional params in all protocol requests and responses.