The problem is that your sever is a web server, and in the browser, it can redirect your web app during the OAuth process. When using your server with a mobile app, the server acts as a restful server, it does not server your static assets, the phone loads them up. Passport also uses cookies and sessions which may not be the best solution when implementing auth with your mobile app. A better approach is to use client side authentication using the cordova inAppBrowser. Take a look at this example of how I am achieving OAuth with with Beats Music API, this is specific to Beats Music but the process is the same for all OAuth 2. I’m using Beats music client side auth, if you;re using server side auth, then instead if receiving the user’s access_token, you’ll receive an exchange token you must use to request the access token, just an extra step that you’ll have to take using $http.
.factory('LoginService', function (localStorageService, $window, Beats, $state) {
var url = Beats.authorize + '?response_type=token&' + 'redirect_uri=' + Beats.callback + '&client_id=' + Beats.key;
var loginWindow;
var parser;
var params;
var token;
return {
login: function () {
loginWindow = $window.open(url, '_blank', 'location=no,toolbar=no');
loginWindow.addEventListener('loadstart', function (evt) {
parser = $window.document.createElement('a');
parser.href = evt.url;
params = parser.search.split('&');
angular.forEach(params, function (param) {
if(param.indexOf('access_token') > -1) {
token = param.substring(13);
if(token) {
$window.alert(token);
loginWindow.close();
localStorageService.set('beats-token', token);
$state.transitionTo('app.feed');
} else {
}
}
});
});
},