[OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available

William Denniss <wdenniss@google.com> Fri, 26 February 2016 19:31 UTC

Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B055F1B2EF1 for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 11:31:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.515
X-Spam-Level:
X-Spam-Status: No, score=0.515 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GLff-PWErFLV for <oauth@ietfa.amsl.com>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C0DD1B2EEF for <oauth@ietf.org>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
Received: by mail-oi0-x236.google.com with SMTP id m82so68631066oif.1 for <oauth@ietf.org>; Fri, 26 Feb 2016 11:31:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=n7XbIyAjS2Tp/QES/JQdhuCoAlcp8r/qkEvgPmxuv8U=; b=f9C9xHI8UEMnTtECSOrFg/pJ+DGTWyGgWYeQA15JNZYGM7G5G1NMcZc+UCueIaIROK H4BdZpzMXcm4kXE2XJikopojgXHRwzzkqeLr+IlvbuZl2hM+gejcW5VYzCJQFnJQVWUQ ZHzPlBTjzLYI+JEYFFWO8e0U3Atf5HoJlI6f5HSzfOts6vm0DkNzugYcIJO83lBupdka Yy7kHXzmgcFaCmxXkpLsP2znHKFr+X5OL3ykreLf4xvmRltVBrAO9niCfyS6WqosEu4F 7mISPhHSlJ7y7JXkcJA6HReuznd9DTt5fTHXUGthBjeXFEYX4K4UkeHSCTKO71jDQcZI 0RpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=n7XbIyAjS2Tp/QES/JQdhuCoAlcp8r/qkEvgPmxuv8U=; b=Jc/mahsg/DPHlQ279dUGRwEDiG9ehe9J59fbDiUjbCwhXez+cfKsN0NhcKTQePnmj9 Q+f+qUPIafGtwrkWr6D0oAl4i4vt4MRDv+CtFbPE/HG2xpSw2Bsr7Kb67aeGZMPz7o4J yPx3+f6vtR7+sQwKqbtEwHTv450LhaT0OYLDXpoxjL8GiP3vP6Fn3NPps4UfYtm2uhu9 AYOQ7HBdl3F5/EmzHdI1jvsDyXkICzZHh11GejOGOV1C9Eq7xHd4nyIfDbhuX1r7qVbq wN3TbGf3g/ZgOwpDsSsphhU1O5rrqOttS4Xh6XOoN23Y8R7L1HRpuGYHqRE5dCbchCsG epfw==
X-Gm-Message-State: AD7BkJLBhEMYekmKoPYvJW4joGDZbt/iyTxV4DInc+HTShWhQ2CoOOKH4HELRP76fALx2HlrT/3GMtyrAny7eToT
X-Received: by 10.202.65.65 with SMTP id o62mr2467531oia.13.1456515068359; Fri, 26 Feb 2016 11:31:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.79.233 with HTTP; Fri, 26 Feb 2016 11:30:48 -0800 (PST)
From: William Denniss <wdenniss@google.com>
Date: Fri, 26 Feb 2016 11:30:48 -0800
Message-ID: <CAAP42hABB4mrGuLv24fXhiE4E-Yupi=jU2O8nczd4rMo5RLJgQ@mail.gmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=001a113cc9c6431ba3052cb157d4
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/hDI_XGoBrYJel4IWuandz0Bnl3I>
Subject: [OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 19:31:11 -0000

The Google Identity team this week open sourced AppAuth for Android and
iOS. AppAuth is a client library for OAuth that enables native Android and
iOS apps to perform authorization flows in a secure and usable way using
in-app browser tabs (Custom Tabs on Android, SFSafariViewController on
iOS), fully supporting the draft best practice
<https://tools.ietf.org/html/draft-ietf-oauth-native-apps> for performing
standards-based auth in native apps.

The libraries are opinionated and follow the draft best practice
completely. Low-level protocol APIs are exposed allowing customizability
including the ability to support OAuth extensions and custom parameters.
Higher level convenience APIs are also provided to assist with auth state
management, and encapsulate common requests like exchanging the
authorization code and making API calls with fresh tokens.

You can grab the code here:
https://openid.github.io/AppAuth-Android
https://openid.github.io/AppAuth-iOS

The library should work with any Authorization Server that supports public
clients with custom URI scheme and/or app-claimed HTTPS redirects (custom
URI schemes are still required for full backwards compatibility support,
though on newer systems app-claimed HTTPS links are viable – both are
supported by the library). We have verified interop with the Google and
PingFederate OAuth implementations.

Please give it a spin, and let me know how it works with your own
implementations!