Technical Summary
OAuth 2.0 authorization requests from native apps should only be made
through external user-agents, primarily the user's browser. This
specification details the security and usability reasons why this is
the case, and how native apps and authorization servers can implement
this best practice.
Working Group Summary
The OAuth 2.0 authorization framework documents two approaches for
native apps to interact with the authorization endpoint: via an
embedded user-agent, or an external user-agent.
This document recommends external user-agents like in-app browser
tabs as the only secure and usable choice for OAuth.
There is solid working group consensus to publish this document.
Document Quality
Implementations are included in the shepherd report.
Personnel
Hannes Tschofenig is the document shepherd and the responsible area
director is Kathleen Moriarty.