[Openid-specs-ab] WG meeting topic
Tom Jones
thomasclinganjones at gmail.com
Mon Mar 18 20:35:46 UTC 2019
Detecting what? The redirect from the op via the user agent?
thx ..Tom (mobile)
On Mon, Mar 18, 2019, 12:16 PM Nat Sakimura via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Google apparently is banning a request from WebView so there has to be a
> way to detect it at least on Android. Or are they just depending on the
> user agent header string which is totally spoofable?
>
> 2019年3月19日(火) 2:05 George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net>:
>
>> Hi,
>>
>> I'd like to have a discussion around security and authentication flows
>> occurring with the system browser vs a webview. I get the potential
>> security risk but I don't think we have any guidance on how an IdP is
>> supposed to ensure whether requests are coming from the system browser
>> vs a webview.
>>
>> Thanks,
>> George
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190318/fee3cd43/attachment.html>
More information about the Openid-specs-ab
mailing list