[OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available
William Denniss <wdenniss@google.com> Fri, 26 February 2016 19:31 UTC
Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B055F1B2EF1 for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 11:31:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.515
X-Spam-Level:
X-Spam-Status: No, score=0.515 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GLff-PWErFLV for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C0DD1B2EEF for <oauth@ietf.org>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
Received: by mail-oi0-x236.google.com with SMTP id m82so68631066oif.1 for <oauth@ietf.org>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=n7XbIyAjS2Tp/QES/JQdhuCoAlcp8r/qkEvgPmxuv8U=; b=f9C9xHI8UEMnTtECSOrFg/pJ+DGTWyGgWYeQA15JNZYGM7G5G1NMcZc+UCueIaIROK H4BdZpzMXcm4kXE2XJikopojgXHRwzzkqeLr+IlvbuZl2hM+gejcW5VYzCJQFnJQVWUQ ZHzPlBTjzLYI+JEYFFWO8e0U3Atf5HoJlI6f5HSzfOts6vm0DkNzugYcIJO83lBupdka Yy7kHXzmgcFaCmxXkpLsP2znHKFr+X5OL3ykreLf4xvmRltVBrAO9niCfyS6WqosEu4F 7mISPhHSlJ7y7JXkcJA6HReuznd9DTt5fTHXUGthBjeXFEYX4K4UkeHSCTKO71jDQcZI 0RpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=n7XbIyAjS2Tp/QES/JQdhuCoAlcp8r/qkEvgPmxuv8U=; b=Jc/mahsg/DPHlQ279dUGRwEDiG9ehe9J59fbDiUjbCwhXez+cfKsN0NhcKTQePnmj9 Q+f+qUPIafGtwrkWr6D0oAl4i4vt4MRDv+CtFbPE/HG2xpSw2Bsr7Kb67aeGZMPz7o4J yPx3+f6vtR7+sQwKqbtEwHTv450LhaT0OYLDXpoxjL8GiP3vP6Fn3NPps4UfYtm2uhu9 AYOQ7HBdl3F5/EmzHdI1jvsDyXkICzZHh11GejOGOV1C9Eq7xHd4nyIfDbhuX1r7qVbq wN3TbGf3g/ZgOwpDsSsphhU1O5rrqOttS4Xh6XOoN23Y8R7L1HRpuGYHqRE5dCbchCsG epfw==
X-Gm-Message-State: AD7BkJLBhEMYekmKoPYvJW4joGDZbt/iyTxV4DInc+HTShWhQ2CoOOKH4HELRP76fALx2HlrT/3GMtyrAny7eToT
X-Received: by 10.202.65.65 with SMTP id o62mr2467531oia.13.1456515068359; Fri, 26 Feb 2016 11:31:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.79.233 with HTTP; Fri, 26 Feb 2016 11:30:48 -0800 (PST)
From: William Denniss <wdenniss@google.com>
Date: Fri, 26 Feb 2016 11:30:48 -0800
Message-ID: <CAAP42hABB4mrGuLv24fXhiE4E-Yupi=jU2O8nczd4rMo5RLJgQ@mail.gmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001a113cc9c6431ba3052cb157d4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/hDI_XGoBrYJel4IWuandz0Bnl3I>
Subject: [OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 19:31:11 -0000
The Google Identity team this week open sourced AppAuth for Android and iOS. AppAuth is a client library for OAuth that enables native Android and iOS apps to perform authorization flows in a secure and usable way using in-app browser tabs (Custom Tabs on Android, SFSafariViewController on iOS), fully supporting the draft best practice <https://tools.ietf.org/html/draft-ietf-oauth-native-apps> for performing standards-based auth in native apps. The libraries are opinionated and follow the draft best practice completely. Low-level protocol APIs are exposed allowing customizability including the ability to support OAuth extensions and custom parameters. Higher level convenience APIs are also provided to assist with auth state management, and encapsulate common requests like exchanging the authorization code and making API calls with fresh tokens. You can grab the code here: https://openid.github.io/AppAuth-Android https://openid.github.io/AppAuth-iOS The library should work with any Authorization Server that supports public clients with custom URI scheme and/or app-claimed HTTPS redirects (custom URI schemes are still required for full backwards compatibility support, though on newer systems app-claimed HTTPS links are viable – both are supported by the library). We have verified interop with the Google and PingFederate OAuth implementations. Please give it a spin, and let me know how it works with your own implementations!
- [OAUTH-WG] OAuth 2.0 for Native Apps: open source… William Denniss
- Re: [OAUTH-WG] OAuth 2.0 for Native Apps: open so… Hannes Tschofenig
- Re: [OAUTH-WG] OAuth 2.0 for Native Apps: open so… Eduardo Gueiros
- Re: [OAUTH-WG] OAuth 2.0 for Native Apps: open so… Dominick Baier