Since there is no WebKit it seems impossible to authorize the user with any web service using OAuth.
I understand why Apple might not want to provide full WebKit access to us developers. But how about a very restricted and specialized OAuthLoginController?
Or does tvOS maybe already contain something like that?
Please file a bug report at https://bugreport.apple.com for features you'd like to see.
I'm in the middle of writing an article about how we approached this. It's not impossible but it does involve a few extra steps and authentication on another device. I'll post a link here when I've finished writing it but essentially we've built a middle-man service that the tvOS app can request a 1-use URL from. The user goes to the URL, authenticates and it pushes the token back to the TV for safe keeping.
Here's the method we're using for OAuth authentication: http://stephenradford.me/oauth-login-on-tvos/
This is my biggest request. I had started to develop an app that relies on third-party APIs and OAuth but I'm dead in the water until tvOS supports it.
Steve228uk: That is interesting, but having to use another device to authenticate is going to be a deal killer for my app.
I will file a radar requesting this feature.
Ah shame… I can't see Apple adding this in the near future. I'd imagine more providers will move towards xAuth. Twitter already allows it for circumstances such as this.
Thanks for sharing that!
Yes, a flow like this is likely the way to go, at least for now.
I am a bit worried that Apple could decide that this is not an acceptable experience (because it requires an external device) and will reject it.
Are there published review guidelines for tvOS apps yet?
Not seen any guidelines but I can't see why they'd reject it. The YouTube app on the current Apple TV logs you in in that fashion.
I do think it is conceivable that Apple could reject apps for this.
Maybe they will decide that apps have to provide their functionality with just the stock Apple TV, without requiring any external devices.
The fact that they decided to prohibit games that require a game controller hints at this.
I am not saying I think that this is what will likely happen. But I think it is possible and at this point I would not want to invest significant time and/or money into an app that relies on auth via external devices.
Unfortunately the fact that some app (especially a pre-tvOS app) does something is no guarantee that reviewers will allow you to do the same.
Really? Apps using game controllers are prohibited on the new Apple TV? My understanding was that an app *MUST* support being controlled using the Apple Remote at a bare minimum, however it *could optionally* support another type of input device (game pad, etc.) if one is available.
Your understanding is correct. And that's also what I wrote. Apps are not allowed to *require* a game controller.
You can do oAuth on the client iOS app. Then you can use a pairing code technique to pair your account on the TV App.
What if the user doesn't have the iOS app?
If your users have no iOS companion app, a possibile solution so far is a one-time password authentication url as described in the document linked in this thread to be visited by the user on a browser (mobile or desktop):
http://stephenradford.me/oauth-login-on-tvos/
Anyway, keep in mind that this technique is not recommended by oAuth 2.0 officially.
This solution ca be applied to auth pin via Text Message (SMS).
