Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-16 Thread Thomas Broyer
Fwiw, French govt's FranceConnect, which uses OpenID Connect, has sample apps using web views, and not using PKCE :-( (haven't looked in more details; don't know whether their AS supports PKCE). I just implemented PKCE in Ozwillo 10 days ago after reading this doc. I still have some work to do to p

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-15 Thread Eduardo Gueiros
+1 Being in the mobile space myself and constantly meeting with native app developers I've heard my share of horror stories on how OAuth was implemented, myself being guilty of being "creative" around OAuth. This draft is be of great value to those of us who are around these developers, we'll be h

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-05 Thread William Denniss
Thank you everyone for your support, and adoption of this document! This spec doesn't modify the OAuth 2.0 protocol, rather it provides a set of technical guidelines for implementing OAuth 2.0 for native apps in a secure and usable way. The intent is a document that has the technical approval of t

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-05 Thread John Bradley
The chairs approved this as a working group document. The initial version I posted is marked as an intended status as a "Best Current Practice” The advantage of a BCP is that it can be updated to include new information as things change. The spec has no extensions to OAuth 2 or MUST’s to profi

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-05 Thread George Fletcher
+1 On 2/5/16 10:10 AM, Adam Lewis wrote: +1 that it should be Informational. Also, I never got to respond to the original request, but I am heavily in favor of this draft. I talk with a lot of native app developers who are clueless about how to implement OAuth. The core RFC is very web app o

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-05 Thread Adam Lewis
+1 that it should be Informational. Also, I never got to respond to the original request, but I am heavily in favor of this draft. I talk with a lot of native app developers who are clueless about how to implement OAuth. The core RFC is very web app oriented. I look forward to having a more prof

Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-04 Thread Justin Richer
I’d like to note that when Tony brought up it being Experimental on the list, several of us (myself included) pointed out that Informational is the correct designation for this specification. — Justin > On Feb 4, 2016, at 2:18 PM, Hannes Tschofenig > wrote: > > Hi all, > > On January 19th

[OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

2016-02-04 Thread Hannes Tschofenig
Hi all, On January 19th I posted a call for adoption of the OAuth 2.0 for Native Apps specification, see http://www.ietf.org/mail-archive/web/oauth/current/msg15400.html There was very positive feedback during the Yokohama IETF meeting to work on this document in the OAuth working group. More tha