PS as you probably suspected I am in favour of moving this forward.
> On Jan 20, 2016, at 5:08 PM, Nat Sakimura <[email protected]> wrote: > > +1 for moving this forward. > > 2016年1月21日木曜日、John Bradley<[email protected] > <mailto:[email protected]>>さんは書きました: > Yes more is needed. It was theoretical at that point. Now we have > implementation experience. > >> On Jan 20, 2016, at 3:38 PM, Brian Campbell <[email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >> >> There is >> https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00#appendix-A >> <https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00#appendix-A> >> which has some mention of SFSafariViewController and Chrome Custom Tabs. >> >> Maybe more is needed? >> >> On Wed, Jan 20, 2016 at 10:45 AM, John Bradley <[email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >> Yes, in July we recommended using the system browser rather than WebViews. >> >> About that time Apple announced Safari view controller and Google Chrome >> custom tabs. The code in the OS is now stable and we have done a fair >> amount of testing. >> >> The OIDF will shortly be publishing reference libraries for iOS and Android >> to how how to best use View Controllers, and PKCE in native apps on those >> platforms. >> >> We do need to update this doc to reflect what we have learned in the last 6 >> months. >> >> One problem we do still have is not having someone with Win 10 mobile >> experience to help document the best practices for that platform. >> I don’t understand that platform well enough yet to include anything. >> >> John B. >> >>> On Jan 20, 2016, at 12:40 PM, Aaron Parecki <[email protected] >>> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >>> >>> The section on embedded web views doesn't mention the new iOS 9 >>> SFSafariViewController which allows apps to display a system browser within >>> the application. The new API doesn't give the calling application access to >>> anything inside the browser, so it is acceptable for using with OAuth >>> flows. I think it's important to mention this new capability for apps to >>> leverage since it leads to a better user experience. >>> >>> I'm sure that can be addressed in the coming months if this document is >>> just the starting point. >>> >>> I definitely agree that a document about native apps is necessary since the >>> core leaves a lot of guessing room for an implementation. >>> >>> For reference, >>> https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-DontLinkElementID_26 >>> >>> <https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-DontLinkElementID_26> >>> >>> And see the attached screenshot for an example of what it looks like. >>> >>> <embedded-oauth-view.png> >>> >>> ---- >>> Aaron Parecki >>> aaronparecki.com <http://aaronparecki.com/> >>> @aaronpk <http://twitter.com/aaronpk> >>> >>> >>> On Tue, Jan 19, 2016 at 3:46 AM, Hannes Tschofenig >>> <[email protected] >>> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >>> Hi all, >>> >>> this is the call for adoption of OAuth 2.0 for Native Apps, see >>> http://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/ >>> <http://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/> >>> >>> Please let us know by Feb 2nd whether you accept / object to the >>> adoption of this document as a starting point for work in the OAuth >>> working group. >>> >>> Note: If you already stated your opinion at the IETF meeting in Yokohama >>> then you don't need to re-state your opinion, if you want. >>> >>> The feedback at the Yokohama IETF meeting was the following: 16 persons >>> for doing the work / 0 persons against / 2 persons need more info >>> >>> Ciao >>> Hannes & Derek >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >>> https://www.ietf.org/mailman/listinfo/oauth >>> <https://www.ietf.org/mailman/listinfo/oauth> >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >>> https://www.ietf.org/mailman/listinfo/oauth >>> <https://www.ietf.org/mailman/listinfo/oauth> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >> https://www.ietf.org/mailman/listinfo/oauth >> <https://www.ietf.org/mailman/listinfo/oauth> >> >> > > > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ <http://nat.sakimura.org/> > @_nat_en >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
