Re: [OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available

Hannes Tschofenig <> Fri, 11 March 2016 09:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9929E12D5D4 for <>; Fri, 11 Mar 2016 01:54:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0sGSCVGGiWPm for <>; Fri, 11 Mar 2016 01:54:45 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A2C0912D5CE for <>; Fri, 11 Mar 2016 01:54:44 -0800 (PST)
Received: from [] ([]) by (mrgmx103) with ESMTPSA (Nemesis) id 0MfVzj-1aT6Yk4B1H-00P6f7; Fri, 11 Mar 2016 10:54:42 +0100
To: William Denniss <>, "" <>
References: <>
From: Hannes Tschofenig <>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <>
Date: Fri, 11 Mar 2016 10:54:41 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="vmSqTc2bH2RrvxcBvsJ6lSgK6po6vUqfm"
X-Provags-ID: V03:K0:KTyYg3K8Xnq6HGD/j8ndicWUW83BI5dOb8wlctXBJzZTd9/5XIN wsWxJeh1nH3Z+P9Fvx5FUczSHj8FK07ehum9W5V5I0UbFQHW++jtUOR/n9AqspAnTnoPf4T x+NXMSni/SVdE7TlFx7Gj7sg6isiyfuUOabkKdngu03Kai1cc7rUonHoXQYH7EAabI61iSy I2GyoT4Ru0LchUwquRuSw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:KtjjhclL1DM=:DOTGWOfhmO6JGSXom4V5hS 2xDHhF1qMnBfIjnEo3/RpS95kHD6vCl23AGboUWSM3X3Yr1C88XsMT3WpmdEbywsCfLQevIsm c/HR9xLZklGXavcdrBVQ4KyX5P5x9x4lT/9jEJ3JMUm22V5RF7veA0/5z3Glc+9c2fBuY4pgV ICsslO4vPLWK29RceRJOL8NECbfrrcpb4aajLf98teOMpG47m5DCYW0gIavpBE4XNlikfiPhl QSVG2AyBiSTreC1u2540jaLk6E0a3TCvBGW53B2mUHxYPuBuEFca9AYeiCnWU54bWS9yh+EEX dJGev4aJjH0SEtpTlGr4e3nJW+7Ynlo5CfrpLjq9LhbNswDKc7/rWEGFUM7+PbhF8Xf/gqRGS 8vatdoz5GxFfWjncpnhZyCKRwNaC5wHNnLIqlsfpWzxeyhHNybY5Gwu/QJ0lV4TQjc2dONR0h sVD2SMwAPdQDW0Gg0pgjqk+iHk1NeVrKhK0s7b0Byqv5chrE4aTms3JPgI8aENMVnTeA0zwhO KdcvZ+Yj9RSfftTBmMcr9zhsQFceB4bOIjSfj55q4jxl92O0lBHdweBnsiRGjnT6yi0i0YW1J pRI/E3p/SjK+s1b+LhT+YWAvMq/ryS7RvBpw6sm7Be635iximu3qU+S8dzBN/QxV7P+XFFoaq tZ2rVpWTsAeWTUGKstHN4kg7rgcFDn399JGQMtiPRxldhFKqgiTCDFPZeHQf31bTKYatxm556 8gsFFL4Qo4luy8g/ZTUgzy45tpUFDbLKINmSdbFgjThNWjMalR+Pq32E8V0=
Archived-At: <>
Subject: Re: [OAUTH-WG] OAuth 2.0 for Native Apps: open source client libraries for Android and iOS now available
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 11 Mar 2016 09:54:46 -0000

Hi William,

sorry for the late response but I just wanted to note that I really
appreciate your efforts around making code available for specifications
we are developing. The implementation efforts that take place currently
with specification writing have always provided a lot of valuable feedback.

I will take a look at your libraries in the near future since I am
interested in using those myself for the IoT environment.


On 02/26/2016 08:30 PM, William Denniss wrote:
> The Google Identity team this week open sourced AppAuth for Android and
> iOS. AppAuth is a client library for OAuth that enables native Android
> and iOS apps to perform authorization flows in a secure and usable way
> using in-app browser tabs (Custom Tabs on Android,
> SFSafariViewController on iOS), fully supporting the draft best practice
> <> for
> performing standards-based auth in native apps.
> The libraries are opinionated and follow the draft best practice
> completely. Low-level protocol APIs are exposed allowing customizability
> including the ability to support OAuth extensions and custom parameters.
> Higher level convenience APIs are also provided to assist with auth
> state management, and encapsulate common requests like exchanging the
> authorization code and making API calls with fresh tokens.
> You can grab the code here:
> The library should work with any Authorization Server that supports
> public clients with custom URI scheme and/or app-claimed HTTPS redirects
> (custom URI schemes are still required for full backwards compatibility
> support, though on newer systems app-claimed HTTPS links are viable –
> both are supported by the library). We have verified interop with the
> Google and PingFederate OAuth implementations.
> Please give it a spin, and let me know how it works with your own
> implementations!
> _______________________________________________
> OAuth mailing list