I want to authenticate users from iOS app using OAuth2. Already I have created Monday.com app (id: 10064440) but when I go to App → OAuth → Redirect URLs and I want to add url that has no http / https scheme I am getting an error and I can’t save it.
My redirect URL looks like this: “myapp://oauth-callback/monday” where “myapp” is the name of my app (single word). I understand that Monday.com does some verification when a user clicks on “Save Feature” button but my iOS app can’t register for handling “https” scheme because in such case it would handle all links whenever they are clicked (that’s the reason why we have a web browser such as Safari). Instead the app can register its own scheme such as “myapp”.
After I login to my Monda.com account and I choose a workspace I am getting a json message saying: “Invalid redirect_uri” because it isn’t specified inside Monday.com app and Monday.com app config page says: “If you pass a redirect_uri in an OAuth request, it must exactly match one of the URLs you enter here” so I am kind of stuck here.
Problem 1. Apps may not currently be supported on mobile.
Problem 2. When you do the OAuth dance, would you expect the authentication step to break out into a new browser window before going back to the mondaydotcom app?
Ideally from a security perspective, you need to be in a browser window, so that the users can inspect that the domain is valid and the one that they are expecting before submitting their credentials.
I’ve found that the app will not allow you to break out into a new browser window for authentication, in fact for any reason. You just press a button/link and nothing happens. No new window, no message saying you can’t do that.
Same with the MacOS desktop app too.
If there is a way around this that I’ve missed, I’d love to hear.
When the OAuth starts the iOS opens app Safari where you can see URL and all website details you want. So I think that’s pretty secure. If necessary I can make you a screen recording of this process.
What you want to say is that there is now way to setup a custom scheme at the moment? This means that users need to copy-paste their access token which is a problem because our users demographics is quite old and entering their credentials is way easier then explaining them how to retrieve access token.
If you would be able to send an explanation and a screen recording of what you are trying to achieve, the steps you are taking, and the result you are seeing to appsupport@monday.com, we can take a closer look into this from there.