You can make your app an OIDC self-issued IdP for your website.

One of my clients is using the mechanism for Native App SSO, where an OIDC 
self-issued IdP embedded in the Native App is acting as IdP for the backend IdP 
server.

Unfortunately I have no English document now, but this slide describes the 
mechanism.
https://speakerdeck.com/rtechkouhou/openid-connect-self-issued-idpwoying-yong-sitasingle-sign-onfalseshi-zhuang

Sent from iPad

> On 2021/03/13 3:24, SOMMER, DOMINIK <dominik.som...@milesandmore.com> wrote:
> 
> 
> Hi all,
>  
> we have recently launched a mobile app that uses our website’s login and 
> authorization code flow to authenticate and authorize user access (following 
> RFC8252).
>  
> However, not all of our website features are natively ported to the app 
> itself. Some are only available on the website in logged-in state. That’s why 
> we implemented an authorization handover mechanism based on one-time login 
> codes: This allows the app (in logged-in state) to open a web view and hand 
> over authentication & authorization, effectively logging the user in on the 
> website. This achieves a seamless experience for the user without 
> compromising on security.
>  
> We came up with this mechanism after researching for prior practice, but we 
> couldn’t find anything applicable for this scenario.
>  
> Hence, three questions to the list:
> 1. Did we miss anything in our research? Is there a common best practice 
> available?
> 2. If the answer to 1. is “No”, would the working group appreciate an RFC 
> draft describing the solution we came up with? (We’d be eager for comments to 
> make it even more secure :) )
> 3. If the answer to 2. is “Yes”, can someone point me to documentation on the 
> procedure, if such exist?
>  
> Thanks for your support and
> best regards,
> Dominik
> 
> Sitz der Gesellschaft / Corporate Headquarters: Miles & More GmbH, Frankfurt 
> am Main, Registereintragung / Registration: Amtsgericht Frankfurt am Main HRB 
> 116409
> Geschaeftsfuehrung / Management Board: Sebastian Riedle, Dr. Oliver Schmitt
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth