On Fri, Jun 25, 2010 at 10:33 PM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote: > comment/question regarding the Embedded Browser scenario: Is the URL bar and > SSL verification symbols (lock + green bar) visible in that scenario? > Otherwise, the user has no chance to verify the identity of the IDP/OAuth > server. So there might be problems regarding password phishing .
AFAIK the URL bar is not visible. Who would phish the end user? If it is the native app, then all bets are off regardless, the native app can show a fake address bar if it really wants. Marius > > regards, > Torsten. > > Am 22.06.2010 02:54, schrieb Marius Scurtescu: >> >> Here is the wiki page: http://wiki.oauth.net/OAuth-2-for-Native-Apps >> >> Feel free to edit or comment. >> >> Marius >> >> >> >> On Wed, Jun 9, 2010 at 10:59 AM, David Recordon<record...@gmail.com> >> wrote: >> >>> >>> Want to put this on the wiki http://wiki.oauth.net/? >>> >>> >>> On Mon, Jun 7, 2010 at 12:25 PM, Marius Scurtescu<mscurte...@google.com> >>> wrote: >>> >>>> >>>> Hi, >>>> >>>> I attached a document that summaries how native applications can use >>>> OAuth 2. >>>> >>>> Feedback more than welcome, especially if you have experience with >>>> native apps and OAuth. >>>> >>>> The current Web Server and Device flows need small changes and >>>> clarifications in order to properly support native apps, I will start >>>> a separate thread on that. >>>> >>>> Marius >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>>> >>>> >>> >>> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
