Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps

Brian Campbell <bcampbell@pingidentity.com> Wed, 20 January 2016 18:39 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5CD1ACC92 for <oauth@ietfa.amsl.com>; Wed, 20 Jan 2016 10:39:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y7QEWXyFU1v4 for <oauth@ietfa.amsl.com>; Wed, 20 Jan 2016 10:39:21 -0800 (PST)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB9591ACC91 for <oauth@ietf.org>; Wed, 20 Jan 2016 10:39:20 -0800 (PST)
Received: by mail-ig0-x22f.google.com with SMTP id ik10so106932965igb.1 for <oauth@ietf.org>; Wed, 20 Jan 2016 10:39:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=aw8ECSlN7ARJnI0cxvSRJR4mJPRiOXOWTBQXQchobFc=; b=QdMoT/rRR9BsC5wDpjENae+I4brh1/Lf0K0+wd22FT51+1b88/nZrPH1H+DyckXUvR wv5hT6/snS99TeHomSpC6iJItM+Uzj8z/KDcH7gKA084U3g5mwBth75TjA88+Vcj5EzC Vn0GtG9zNZovPd5nEv7T9469hiRuZK16H1YqY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=aw8ECSlN7ARJnI0cxvSRJR4mJPRiOXOWTBQXQchobFc=; b=f/emrxHH1AkRFEmnlaxZ26gkAlE5QEo9cgjXIzNRYMkqsIEC8Tu2NlOmMN7pPKBSEs 0ytUYGskIUPMlKZX2kQiHpiJuity56IkMaUdlFi8pZ7hhXNXigGuS/gfH45KzoWhI0Fn KtKHFacF/K7HGPsoXpGp2GDGjt3WAJWCvQIM1NI0av2d6rQ9r1gW7ytEHtx+cQ/kcH3T 6yDSPS/rnq67iPzYY8p70wsA68RZq7wFBrGdwlMPQKz/OraV7bPrj7wjyvHMPkrNmlA4 zOedmdTIBn5BXLybwbc18hehLen4J3XMJCzEGlIs1tI+WMOwgezUJy2sFP2UxQZ+8HhI KBcg==
X-Gm-Message-State: AG10YOQF8uY4IdpR5yVYMUvdBtOmh8JB5WASkOL1Gt3lNlHn5WVnA+vM5/o1iiGQSZ6xNPkaFEVAbuYUvcfiWoOa
X-Received: by 10.50.13.102 with SMTP id g6mr5388608igc.77.1453315160079; Wed, 20 Jan 2016 10:39:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.212.69 with HTTP; Wed, 20 Jan 2016 10:38:50 -0800 (PST)
In-Reply-To: <6ADAA1B5-7EF9-49EA-A3D9-6EFC57275EB9@ve7jtb.com>
References: <569E2231.1010107@gmx.net> <CAGBSGjpwZ929ZZHYiNpvqLvMDBrVFWaffZLQPwZn_xj7phsrpw@mail.gmail.com> <6ADAA1B5-7EF9-49EA-A3D9-6EFC57275EB9@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 20 Jan 2016 11:38:50 -0700
Message-ID: <CA+k3eCS1ifU+QJyFtA=gOjSneg3Vh=3bf0CjnEijKTy=-9_xsw@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=089e013c66d6dd1e860529c84db2
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/0f2b-0oNIHuNeIzgiN5kjzmIQ9w>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2016 18:39:23 -0000

There is
https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00#appendix-A
which has some mention of SFSafariViewController and Chrome Custom Tabs.

Maybe more is needed?

On Wed, Jan 20, 2016 at 10:45 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Yes, in July we recommended using the system browser rather than WebViews.
>
>
> About that time Apple announced Safari view controller and Google Chrome
> custom tabs.   The code in the OS is now stable and we have done a fair
> amount of testing.
>
> The OIDF will shortly be publishing reference libraries for iOS and
> Android to how how to best use View Controllers, and PKCE in native apps on
> those platforms.
>
> We do need to update this doc to reflect what we have learned in the last
> 6 months.
>
> One problem we do still have is not having someone with Win 10 mobile
> experience to help document the best practices for that platform.
> I don’t understand that platform well enough yet to include anything.
>
> John B.
>
> On Jan 20, 2016, at 12:40 PM, Aaron Parecki <aaron@parecki.com> wrote:
>
> The section on embedded web views doesn't mention the new iOS 9
> SFSafariViewController which allows apps to display a system browser within
> the application. The new API doesn't give the calling application access to
> anything inside the browser, so it is acceptable for using with OAuth
> flows. I think it's important to mention this new capability for apps to
> leverage since it leads to a better user experience.
>
> I'm sure that can be addressed in the coming months if this document is
> just the starting point.
>
> I definitely agree that a document about native apps is necessary since
> the core leaves a lot of guessing room for an implementation.
>
> For reference,
> https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-DontLinkElementID_26
>
> And see the attached screenshot for an example of what it looks like.
>
> <embedded-oauth-view.png>
>
> ----
> Aaron Parecki
> aaronparecki.com
> @aaronpk <http://twitter.com/aaronpk>
>
>
> On Tue, Jan 19, 2016 at 3:46 AM, Hannes Tschofenig <
> hannes.tschofenig@gmx.net> wrote:
>
>> Hi all,
>>
>> this is the call for adoption of OAuth 2.0 for Native Apps, see
>> http://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/
>>
>> Please let us know by Feb 2nd whether you accept / object to the
>> adoption of this document as a starting point for work in the OAuth
>> working group.
>>
>> Note: If you already stated your opinion at the IETF meeting in Yokohama
>> then you don't need to re-state your opinion, if you want.
>>
>> The feedback at the Yokohama IETF meeting was the following: 16 persons
>> for doing the work / 0 persons against / 2 persons need more info
>>
>> Ciao
>> Hannes & Derek
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>