Add section in the "Implementation Advice" document about supporting Mobile Apps
Issue #260
open
We discussed on the call adding a section around supporting mobile apps on auth journeys.
My suggestion would be that this section mentions:
- FAPI RW supports mobile apps using standard OAuth-based redirects using a claimed HTTPS scheme
- Some details on how claimed https works - with Apple / Android specific instructions
- Specific recommendations on how user agents for RPs can support both claimed https and normal https links with the best user experience (this is not easy!!!)
- Recommendations on how to support multiple brands (e.g. multiple discovery docs…)
- Explanation of the use-cases where FAPI-CIBA is applicable and any implementation considerations
Comments (5)
reporter - changed status to open
reporter - changed component to Implementation & Deployment Advice
-
@Dave Tonge Any updates?
George pointed out that Android’s app link is not as secure and that’s where app attestation comes into play.
Joseph pointed out that in the latest Android, it is fixed, but it will take a long time for Android deployments to catch up.
I’ve written up some notes on app2app / claimed https here: https://josephheenan.blogspot.com/2019/08/implementing-app-to-app-authorisation.html