[Openid-specs-ab] [External Sender] Working group review of OpenID Connect Native SSO for Mobile Apps specification

Karl McGuinness kmcguinness at okta.com
Wed Sep 21 15:27:10 UTC 2022 

This talk was more aspirational with cross-device scenarios with keychain.  We currently only have customers in production using the intended native app to app (app suite) on a single device use case. 

Interested to hear the feedback.  The lack of interoperable way to tag a refresh token with “device_id” or “device_name” is a common gap today with users using the same app (client_id) across their devices  (e.g phone and tablet) which is much more common with public clients and wanting to revoke tokens for a specific device that I’m surprised we haven’t resolved yet in some other OAuth spec (don’t see any registrations in https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters).

-Karl

> On Sep 20, 2022, at 11:02 AM, George Fletcher via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> This message originated outside your organization.
> 
> 
> 
> For those that missed this talk (Frictionless authentication with mobile single-sign-on; https://www.youtube.com/watch?v=8BkblIYjegk <https://urldefense.com/v3/__https://www.youtube.com/watch?v=8BkblIYjegk__;!!PwKahg!4gaWgD58arjDKiAw8ptJBYOccKxhuF1PoyA2cquMoQ1cLwBYOqmqrU0VIvISxMp0yRn6GSAn3Sq7N2kNuJ6T-q_3ThHocRU$>) at Identiverse in June... it covers an additional use case for the native sso spec. I'd like to discuss this aspect as well on 9/22. I suspect some additional text in the spec may be required to address this use case.
> 
> Thanks,
> George
> 
> On Fri, Sep 9, 2022 at 4:46 PM Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>> wrote:
> It was decided at yesterday’s working group call to advance the OpenID Connect Native SSO for Mobile Apps specification to Implementer’s Draft status.  Prior to the foundation-wide review, please review the specification athttps://openid.net/specs/openid-connect-native-sso-1_0.html <https://urldefense.com/v3/__https://openid.net/specs/openid-connect-native-sso-1_0.html__;!!FrPt2g6CO4Wadw!I0ljc7o-nQa84JH_sl9lYFQhmv7ta1ezRPgP6r5C0sUc9VCSrnrkisjkNpkO_2ifbwuZ-u6KjtxkbHVafArRiq1A_2JZmvauBSXbCeM$> and file any issues athttps://bitbucket.org/openid/connect/issues?status=new&status=open <https://urldefense.com/v3/__https://bitbucket.org/openid/connect/issues?status=new&status=open__;!!FrPt2g6CO4Wadw!I0ljc7o-nQa84JH_sl9lYFQhmv7ta1ezRPgP6r5C0sUc9VCSrnrkisjkNpkO_2ifbwuZ-u6KjtxkbHVafArRiq1A_2JZmvauesDydW0$>.  Please complete your reviews in time for the working group call on Thursday, September 22nd.
> 
>  
> 
>                                                        -- Mike
> 
>  
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!I0ljc7o-nQa84JH_sl9lYFQhmv7ta1ezRPgP6r5C0sUc9VCSrnrkisjkNpkO_2ifbwuZ-u6KjtxkbHVafArRiq1A_2JZmvauQIwnTfk$ <https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!I0ljc7o-nQa84JH_sl9lYFQhmv7ta1ezRPgP6r5C0sUc9VCSrnrkisjkNpkO_2ifbwuZ-u6KjtxkbHVafArRiq1A_2JZmvauQIwnTfk$>  
> 
> 
> The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
> 
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> https://lists.openid.net/mailman/listinfo/openid-specs-ab <https://lists.openid.net/mailman/listinfo/openid-specs-ab>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220921/2b18b54a/attachment.html>

More information about the Openid-specs-ab mailing list