[OAUTH-WG] Public client cloning

2019-09-10 Thread Masakazu OHTSUKA
Hi, I've read rfc8252 and have questions about native apps, that I couldn't find answers on Internet. Imagine an attacker doing:
1. original app and authorization server conforms to rfc8252 4.1. Authorization Flow for Native Apps Using the Browser
2. clone the original app, name it malicious app

Re: [OAUTH-WG] Public client cloning

2019-09-10 Thread Masakazu OHTSUKA
he phone is not compromised. > > On Tue, Sep 10, 2019 at 9:58 AM Masakazu OHTSUKA > wrote: > >> Hi, >> >> I've read rfc8252 and have questions about native apps, that I couldn't >> find answers on Internet. >> >> Imagine an attacker doing:

Re: [OAUTH-WG] Public client cloning

2019-09-11 Thread Masakazu OHTSUKA
> The security assumptions are > > 1. Phone is not rooted; > 2. App Store's vetting of claimed URI is not compromised; etc. > > Nat Sakimura > Chairman, OpenID Foundation > https://nat.sakimura.org > On 2019-09-11 at 4:27 +0900, Masakazu OHTSUKA wrote: > > I see. > > The