I am a bit skeptical about this one. I’m not convinced we should be recommending native UI until/unless we have a really good story around authenticating first-party apps. Without such a story, I don’t think this should be adopted. Unless I’m mistaken, a native UI also rules out WebAuthn/FIDO-based authenticators? We should not be adopting drafts that increase phishing risks for the sake of aesthetics.
— Neil > On 3 Sep 2024, at 11:46, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote: > > All, > > As per the discussion in Vancouver, this is a call for adoption for the First > Party Apps draft: > https://datatracker.ietf.org/doc/draft-parecki-oauth-first-party-apps/ > <https://datatracker.ietf.org/doc/draft-parecki-oauth-first-party-apps/> > > Please, reply on the mailing list and let us know if you are in favor or > against adopting this draft as WG document, by Sep 17th. > > Regards, > Rifaat & Hannes > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
