OAuth in Mobile Apps
Workflow Diagram
Create a Member
Now we'll need to create an OAuth member, which you can do by setting the following:
"is_oauth": true.client_redirect_urlso we can send you UI messages with the right scheme. This can be any string, but we'll usehttps://mx.comin this guide."referral_source": "APP"tells MX to use theclient_redirect_urlyou provided so you can get back to your app.
Remember that you cannot include end-user credentials in your request body when creating an OAuth member. The idea is to never share those with a third party.
Also, we recommend that you always include a unique id when creating any resource on the Platform API so you can easily sync between your systems and ours.
Endpoint: POST /users/{user_guid}/members
Load the OAuth URI
Now that you've got the oauth_window_uri from the last step, load it in the device's default browser.
Do not open the OAuth window in a Webview. Some finanical instutitions have security restrictions for certain web containers or browsers. See OAuth WebView Limitations for more information.
oauth_window_uris are one-time use. Don't hard code an expected URI into your application.
Don't prepend the https:// protocol to the URI string, as MX includes this.
This is where the user will interact with the institution's OAuth page and determine what data will be shared with MX and, therefore, with you. Once the end user is done, they will be redirected to the URL you gave for client_redirect_url. We'll append to this URL information about success/error as well as the member GUID.