[Openid-specs-ab] Single Sign-On is dead on iOS 11
Thomas Broyer
t.broyer at gmail.com
Tue Jul 11 06:13:43 UTC 2017
Looks like they have a new API specifically for auth:
https://twitter.com/othermaciej/status/884646977207545856
Le mar. 13 juin 2017 02:04, Nat Sakimura via Openid-specs-ab <
openid-specs-ab at lists.openid.net> a écrit :
> Maybe we can call upon the privacy community as well raising the voice
> that this is very bad for privacy.
> I wonder what is the privacy enhancement they have in mind.
>
> On Fri, Jun 9, 2017 at 2:34 AM 'Iain McGinniss' via OIDF Account Chooser
> list <oidf-account-chooser-list at googlegroups.com> wrote:
>
>> Hello all,
>>
>> Just to bring this to your attention: Apple has essentially killed single
>> sign-on for native apps in iOS 11. Changes made to SFSafariViewController
>> (used by AppAuth, and the recommended mechanism for federated login by
>> Apple) now mean that browser state is partitioned per app, so there is no
>> way for an existing authentication in the browser to be reused by an app.
>>
>> This fundamentally breaks an important part of OpenID Connect - users
>> will now need to re-authenticate with their IDP in every app that they use.
>> There is still time to provide feedback to Apple on this change, though
>> they have been discussing this change in terms of "enhancing privacy" and
>> I'd be very surprised if they change tack now.
>>
>> Iain
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "OIDF Account Chooser list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to oidf-account-chooser-list+unsubscribe at googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
>
> Nat Sakimura
>
> Chairman of the Board, OpenID Foundation
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170711/937f828f/attachment.html>
More information about the Openid-specs-ab
mailing list