You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 19, 2023. It is now read-only.
As discussed at the ownCloud Conference 2017, there some best practice recommendations to improve trust and security when user login in the embedded web view.
As discussed at the ownCloud Conference 2017, there some best practice recommendations to improve trust and security when user login in the embedded web view.
This is is an article from Carnegy Mellon CERT that describes the motivation:
https://insights.sei.cmu.edu/cert/2016/08/the-risks-of-google-sign-in-on-ios-devices.html
Another article describes possible solutions with a contribution from Google:
https://www.pingidentity.com/en/blog/2016/03/10/using_appauth_to_enable_your_apps_with_mobile_sso.html
There is also a video recording available from the Google Team:
https://youtu.be/DdQTXrk6YTk
You will find very detailed information in a new IETF draft from OAuth Working Group:
https://tools.ietf.org/html/draft-ietf-oauth-native-apps (June 9, 2017)https://tools.ietf.org/html/rfc8252 (October 2017)
@nasli @pablocarmu Could you check how the ownCloud iOS client could be improved following the linked recommendation?
Related: owncloud/android#2036
00008274
The text was updated successfully, but these errors were encountered: