IETF Logo Mail Archive

Re: [OAUTH-WG] popular apps that use appauth?

William Denniss <wdenniss@google.com> Sun, 24 February 2019 17:43 UTC

Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E87371295EC for <oauth@ietfa.amsl.com>; Sun, 24 Feb 2019 09:43:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.501
X-Spam-Level:
X-Spam-Status: No, score=-17.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCAbxtuh2XnN for <oauth@ietfa.amsl.com>; Sun, 24 Feb 2019 09:43:46 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBB1412958B for <oauth@ietf.org>; Sun, 24 Feb 2019 09:43:45 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id x9so5683307iog.12 for <oauth@ietf.org>; Sun, 24 Feb 2019 09:43:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9eDqyC8teOca9lKPG7kLW9GUe8GstujE/HDVUyG8mlQ=; b=CByke5/WSgWdMo1RYkVQ8HfDFc7OcGrHnUCF4TcSM/UdWwiUg1fNbn1MIiCIX1S0vQ TT0hBOMpYJ1pTLAPtmQ87xl4RSTrs08uiwcg5i7xwtNhvkrkqzfM2eB57iVYzE+iK6TM d3teyp3dKjnr3IVUSKO1aghfOS4hSpcBxin0BXWfOyDtD5GlJczS5gN9o5etAVPqULvP FWWxZ4OHQn8l+5hm0UC6PN3qHgnxs3D7T0YAWGydgm6Kzqk4kBarRu/xkro+e/RV975A utB+h/kYktmWHuXpI2eND04/DnZDPB7TsRUoyNO/58N2ubZIRC/NVvVMpVotJmhq8iq0 QbOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9eDqyC8teOca9lKPG7kLW9GUe8GstujE/HDVUyG8mlQ=; b=s1GRS8cW3kffzUc4gblbnTJjg7cLmAFXaM/5gaOEcjBh23rf72p/m8xZuFsUvFUI0Y hvfnunSTELfmS4ZW4Xn8jTUMXZeSNCelpIZO5B1qAtzAxS/h02KPyypYiBzuyp5TOzRV KmxSGs8UwyJqpxPSQmSru6F1WKvz5ZBdkbQLNAztMupPksCbQEL252LV55NLvtcMiDuG uJ70ZtsGuRmEDwxns3VDUCKth86EocGFJTFoz5kgFgFTLUTe40WRXZKK5VAOsh+oRzK+ ImYf77MA7EQbe7cwH1IS+hIraEnHnwlpIUwpcQaq7ccxp6hJStQMp02e7YxhbC/HM0R9 wvGg==
X-Gm-Message-State: AHQUAuanCIOpaIWinqedeZKshBvG9pnsDUkSCY84H3wzjJC/h96yyH6v DlUaVPVUaSP831VUd2AlWPzsoAi7zGLY3mwHz216hw==
X-Google-Smtp-Source: AHgI3Ia5fUeCWAtTUNxD9XXTVzjQqIIyl32AlyYeD7i+pfTNNvfVTtCNLXPW+iRnN5ZZfPwNH76KyDrprZBqJX8d3NU=
X-Received: by 2002:a6b:8fd7:: with SMTP id r206mr7631744iod.5.1551030224634; Sun, 24 Feb 2019 09:43:44 -0800 (PST)
MIME-Version: 1.0
References: <67bf27b0-e7d6-4710-ba6e-f46809d60d77@getmailbird.com> <CAO7Ng+v7vCy_cnm00YryN11P5JZngm5R51pBJ5+rQYBF43yz1A@mail.gmail.com> <5dda37c0-e3c5-5e64-347b-25d561072232@ve7jtb.com> <c6f71d94-12f4-4f99-b373-c9f815325da1@getmailbird.com>
In-Reply-To: <c6f71d94-12f4-4f99-b373-c9f815325da1@getmailbird.com>
From: William Denniss <wdenniss@google.com>
Date: Sun, 24 Feb 2019 09:43:31 -0800
Message-ID: <CAAP42hCO4m=tmj3omgg+EH2CguF_OVocUzbSwnWRnyb2MQZYVQ@mail.gmail.com>
To: Brock Allen <brockallen@gmail.com>
Cc: John Bradley <ve7jtb@ve7jtb.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000093a08e0582a75d19"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/g9jwiv5ONJE4ryr0Ne-I0AoZ3r8>
Subject: Re: [OAUTH-WG] popular apps that use appauth?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Feb 2019 17:43:48 -0000

For apps signing-in third party (3P) users on iOS, Google Sign-in does require
<https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html>it
(for 2.5 years & counting now), I'm also noticing it all over the place in
other apps for 3P sign-in as it's really the only viable option for 3P
sign-in - which is the argument we make in RFC 8252.

First party (1P) sign-in is an interesting case, since for 1P there are
more options available. Google apps do use the ASWebAuthenticationSession
for 1P user sign-in, simply go "Add another account" in an app like Maps to
try. I've noticed a few other apps doing this of late as well, such as
Target which uses SFSVC for sign-in of their own 1P users, which I assume
was implemented before ASWebAuthenticationSession existed.

For 1P sign-in, there are several good reasons to go with
ASWebAuthenticationSession, like syncing the signed-in session with Safari
and using it if it already exists.


On Sun, Feb 24, 2019 at 7:32 AM Brock Allen <brockallen@gmail.com> wrote:

> > Interestingly I was told that switching to AppAuth increased login
> conversions for them with YouTube. That was a while ago.
>
> I think you just said the magic words that marketing folks like to hear.
> Thanks all.
>
> -Brock
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email