OAuth 2.0 for Native Apps
draft-ietf-oauth-native-apps-12

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-oauth-native-apps@ietf.org, oauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Hannes.Tschofenig@gmx.net, oauth@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'OAuth 2.0 for Native Apps' to Best Current Practice (draft-ietf-oauth-native-apps-12.txt)

The IESG has approved the following document:
- 'OAuth 2.0 for Native Apps'
  (draft-ietf-oauth-native-apps-12.txt) as Best Current Practice

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/

Ballot Text

Technical Summary

   OAuth 2.0 authorization requests from native apps should only be made
   through external user-agents, primarily the user's browser.  This
   specification details the security and usability reasons why this is
   the case, and how native apps and authorization servers can implement
   this best practice.

Working Group Summary

   The OAuth 2.0 authorization framework, documents two approaches for 
   native apps to interact with the authorization endpoint: via an 
   embedded user-agent, or an external user-agent.

   This document recommends external user-agents like in-app browser
   tabs as the only secure and usable choice for OAuth. 
   
   There is solid working group consensus to publish this document.

Document Quality

  Implementations are included in the shepherd report.

Personnel
  Hannes Tschofenig is the document shepherd and the responsible area 
  director is Kathleen Moriarty.

RFC Editor Note