> On Feb 25, 2019, at 4:56 AM, Vittorio Bertocci wrote:
>
> The callbacks do avoid the loopback, which is great, but the usability
> remains harder than mobile and the embedded case: the auth tab appears among
> others, the modal windows remain a possibility, etc - the level of
> sophisticat
Win 10 2019H1 has a WebAuthn API for third party apps. Chrome and Fire
Fox are now using it.
Trusted browsers have some whitelisting involved. Other apps will be able
to use the API eventually. There are some issues around the RPID for apps
and websites that may make the authentication broker
The callbacks do avoid the loopback, which is great, but the usability
remains harder than mobile and the embedded case: the auth tab appears
among others, the modal windows remain a possibility, etc - the level of
sophistication of the target audience of the github app can definitely
(hopefully?)
I wish I could edit emails. Fixing some meaning changing typos.
True, the WAB is perhaps the best approximation of a desktop system
browser-like feature, but it doesn't solve Mac or Linux. Even within the
Windows world, Win10 usage pulled ahead of Win7 only in January, and
barely- and the WAB isn'
A good example of a desktop application using browser authentication is
Github for Desktop.
They use custom URLs/callbacks for both OSX and Windows. Works very well.
———
Dominick
On 25. February 2019 at 11:48:20, Vittorio Bertocci (
vittorio=40auth0@dmarc.ietf.org) wrote:
Ahh, as John knows
True, the WAB is perhaps the best approximation of a desktop system
browser-like feature, but it doesn't solve Mac or Linux. Even within the
Windows world, Win10 usage pulled ahead of Win7 only in January, and
barely- and the WAB isn't available on Win7.
In fact, you bring up an excellent point. I
On Windows Web Authentication broker is a option.
https://docs.microsoft.com/en-us/uwp/api/Windows.Security.Authentication.Web
I have encouraged Apple to provide a SSO service on OSX.
The availability of WebAuthn in browsers may make the platforms rethink
some things.
John B.
On Mon, Feb 25,
Ahh, as John knows this is a big pet peeve for me :)
Although that's all true on mobile, on desktop things are more complicated.
- Using a system browser on the desktop (Linux/Mac/Windows) means that
you don't control the experience (there might be modal dialogs occluding
the browser or
> On Feb 24, 2019, at 10:43 AM, William Denniss
> wrote:
>
> For 1P sign-in, there are several good reasons to go with
> ASWebAuthenticationSession, like syncing the signed-in session with Safari
> and using it if it already exists.
With enterprise 3P, you’ll have to use some web agent for a
> Interestingly I was told that switching to AppAuth increased login
>conversions for them with YouTube. That was a while ago.
I think you just said the magic words that marketing folks like to hear. Thanks
all.
-Brock___
OAuth mailing list
OAuth@iet
I have been told that YouTube and other Google apps on iOS use the
AppAuth flow. I don't know if they use the AppAuth SDK or just follow
the pattern.
Interestingly I was told that switching to AppAuth increased login
conversions for them with YouTube. That was a while ago.
John B.
On 2/2
Offhand, Google Apps on iOS. Also the Facebook SDK uses a similar pattern.
I believe third party apps which use Google for SSO are mandated to use it as
well. Slack and Pokémon Go, for examples.
A few apps will also use it or a similar pattern (for SAML) once they have
determined it is an ent
The Uber app uses it for their OAuth flow to PayPal e.g.
———
Dominick
On 23. February 2019 at 18:05:33, Brock Allen (brockal...@gmail.com) wrote:
I often have push back from customers (mainly the marketing department/UX
folks) when suggesting AppAuth for native/mobile apps (IOW RFC8252). They
as
I often have push back from customers (mainly the marketing department/UX
folks) when suggesting AppAuth for native/mobile apps (IOW RFC8252). They ask
for examples of any other popular or well known apps that follow this practice.
Does anyone on this list have examples?
TIA
-Brock
__
14 matches
Mail list logo