Additional Security Considerations for Custom URI Schemes on iOS
Issue #2066
resolved
Tom Jones suggested adding this additional Security Considerations text about Custom URI Schemes on iOS:
While it is possible to assign handlers to URIs, and it is possible that the o/s could help the user select the correct handler, it is not possible to guarantee that the handler for a given URI has not been completely taken over by a subsequently installed native app. At the time this was written there appears to be no fool-proof mitigation for this vulnerability.
Comments (2)
-
reporter -
reporter - changed status to resolved
- Log in to comment
To be fixed by https://bitbucket.org/openid/connect/pull-requests/628