[Openid-specs-native-apps] Web Browser news from WWDC
William Denniss
wdenniss at google.com
Thu Jul 23 14:28:12 UTC 2015
Hi All,
John and I introduced a new draft at IETF93 yesterday on this topic.
https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00
Goal is to provide best practices for native apps using the RFC6749
authorization
endpoint, expanding on RFC6749 Section 9. Specifically, it recommends
using an external user-agent (such as the system browser) for this task
over an embedded user-agent (such as a web-view), and suggests ways to
achieve this.
When implemented, improves security and delivers true SSO for native apps.
Comments welcome. Use the oauth wg list
<https://www.ietf.org/mailman/listinfo/oauth> for things that are not
specific to NAPPS.
Best,
William
On Tue, Jun 16, 2015 at 5:37 AM, David Waite <david at alkaline-solutions.com>
wrote:
> You might have multiple redirect_uris if you have sections of your website
> which are not represented by your app but which need authentication.
>
> Website initiated -> website-only redirect uri (uri not claimed by the app)
> App initiated -> app-only redirect uri (gives an error if you hit it with
> a browser)
>
> For other cases (no auth functionality on site, complete overlap between
> website and app) you would only need a single redirect uri.
>
> -DW
>
> On Jun 15, 2015, at 5:02 PM, John Bradley <ve7jtb at ve7jtb.com> wrote:
>
>
> The callback/claimed URI is a separate feature from the browser tab. It
> would be generic to the browser. Letting apps claim links that would
> otherwise go to a web server.
>
> So a linked in link in a email would open the native app rather than the
> web page.
>
> We don’t have much info on how they would work together.
>
>
> Assuming the call to a token agent, and the call to the web site is the
> same then a AS could just insert a token agent by having the user install a
> app.
>
>
>
> _______________________________________________
> Openid-specs-native-apps mailing list
> Openid-specs-native-apps at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-native-apps
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20150723/85059e6b/attachment.html>
More information about the Openid-specs-native-apps
mailing list