Fwiw, French govt's FranceConnect, which uses OpenID Connect, has sample apps using web views, and not using PKCE :-( (haven't looked in more detail; don't know whether their AS supports PKCE). I just implemented PKCE in Ozwillo 10 days ago after reading this doc. I still have some work to do to properly support native apps though, and then I could build a sample app.

On Tue, Feb 16, 2016 at 00:18, Eduardo Gueiros <eguei...@jive.com> wrote:

> +1 Being in the mobile space myself and constantly meeting with native app
> developers I've heard my share of horror stories on how OAuth was
> implemented, myself being guilty of being "creative" around OAuth.
>
> This draft is of great value to those of us who are around these
> developers, we'll be helping bring awareness about the correct practices
> suggested in the document.
>
> On Fri, Feb 5, 2016 at 8:10 AM, Adam Lewis <
> adam.le...@motorolasolutions.com> wrote:
>
>> +1 that it should be Informational.
>>
>> Also, I never got to respond to the original request, but I am heavily in
>> favor of this draft. I talk with a lot of native app developers who are
>> clueless about how to implement OAuth. The core RFC is very web app
>> oriented. I look forward to having a more profiled RFC to point them to :-)
>>
>> adam
>>
>> On Thu, Feb 4, 2016 at 7:13 PM, Justin Richer <jric...@mit.edu> wrote:
>>
>>> I’d like to note that when Tony brought up it being Experimental on the
>>> list, several of us (myself included) pointed out that Informational is the
>>> correct designation for this specification.
>>>
>>> — Justin
>>>
>>> > On Feb 4, 2016, at 2:18 PM, Hannes Tschofenig <
>>> hannes.tschofe...@gmx.net> wrote:
>>> >
>>> > Hi all,
>>> >
>>> > On January 19th I posted a call for adoption of the OAuth 2.0 for Native
>>> > Apps specification, see
>>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15400.html
>>> >
>>> > There was very positive feedback during the Yokohama IETF meeting to
>>> > work on this document in the OAuth working group. More than 10 persons
>>> > responded positively to the call on the mailing list as well.
>>> >
>>> > Several persons provided additional input for content changes during the
>>> > call and here are the relevant links:
>>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15434.html
>>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15435.html
>>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15438.html
>>> >
>>> > Tony also noted that this document should become an Experimental RFC
>>> > rather than a Standards Track RFC. The chairs will consult with the
>>> > Security Area directors on this issue.
>>> >
>>> > To conclude, based on the call <draft-wdenniss-oauth-native-apps> will
>>> > become the starting point for work in OAuth. Please submit the document
>>> > as draft-ietf-oauth-native-apps-00.txt.
>>> >
>>> > Ciao
>>> > Hannes & Derek
>>> >
>>> > _______________________________________________
>>> > OAuth mailing list
>>> > OAuth@ietf.org
>>> > https://www.ietf.org/mailman/listinfo/oauth
>
> --
> *Eduardo Gueiros*
> *Director, Mobile B.U.* | Jive Communications, Inc.
> jive.com | *eguei...@jive.com <eguei...@jive.com>*