https://tools.ietf.org/html/draft-ietf-oauth-native-apps
They are OpenID Foundation libraries, not Google's. Google, Ping and a number of others are active contributors if you look at the git repositories.

John B.

On Jan 26, 2017 7:13 AM, "Dario Teixeira" <[email protected]> wrote:

> Hi,
>
> +1 to AppAuth
>>
>> One disturbing pattern I see for mobile apps relaying the idtoken is
>> that the aud isn't checked by the AS in the OAuth exchange. This is in
>> part caused by the fact that the mobile app has two client-id
>> identifiers. If the aud only has the clientid for the OIDC call this
>> can be a problem if the AS doesn't know what that id is (since it
>> didn't issue the id). If the issued id token does not have an aud value
>> the AS can recognize it should be rejected.
>>
>
> Is the AppAuth pattern documented somewhere? There's a chance I may not
> be able to use Google's libraries...
>
> Best regards,
> Dario Teixeira
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
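The aud check discussed in the quoted message, sketched as an added example that is not part of the original thread or of AppAuth: the AS keeps, per client it issued, the OIDC client ids registered for the same app, and rejects a relayed ID token whose aud matches none of them. The registry, client ids and function names are hypothetical, and signature, iss and exp validation is assumed to have happened before this step.

```python
import base64
import json

# Hypothetical AS-side registration: the client_id the AS issued, mapped to the
# client ids the external OpenID Provider issued to the same mobile app.
REGISTERED_OIDC_AUDIENCES = {
    "as-mobile-app": {"idp-client-android", "idp-client-ios"},
}


class AudienceRejected(Exception):
    """Raised when a relayed ID token must not be accepted."""


def decode_claims(id_token):
    """Decode the JWT payload only (assumption: signature already verified)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise AudienceRejected("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:
        raise AudienceRejected("payload is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise AudienceRejected("payload is not a JSON object")
    return claims


def check_relayed_audience(id_token, as_client_id, registry=REGISTERED_OIDC_AUDIENCES):
    """Return the recognized aud values, or raise AudienceRejected."""
    expected = registry.get(as_client_id)
    if not expected:
        raise AudienceRejected("no OIDC client ids registered for this client")
    aud = decode_claims(id_token).get("aud")
    if isinstance(aud, str):  # aud may be a single string or an array of strings
        audiences = [aud]
    elif isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        audiences = aud
    else:
        raise AudienceRejected("aud missing or malformed")
    recognized = expected.intersection(audiences)
    if not recognized:
        raise AudienceRejected("aud names no client id this AS recognizes")
    return sorted(recognized)


def make_sample_token(claims):
    """Build a constructed sample token; the signature part is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.placeholder-signature"
```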
