Difference between revisions of "Native App URI Handlers"
From MgmtWiki
(→Problems) |
(→References) |
||
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | A [[Native App]] can register to | + | A [[Native App]] can register to intercept [[URI]] calls (eg HTTP and other schemes) from the browser on the [[User Device]], |
==Context== | ==Context== | ||
− | * | + | * Many web applications would like to improve their [[User Experience]] by installing a [[Native App]] on the user device to provide more performant responses to user input. This has been enabled on most [[User Device]]s by operating system enhancement that allow the registration of the web site's URL and intercepting HTTP requests so that they can be partially or fully handled on the local device. |
==Problems== | ==Problems== | ||
− | * | + | * Several [[Identity Management]] problems can potentially be solved by this same mechanism. |
+ | * If the user wishes to create [[Self-issued Identifier]]s that can act like [[Identifier or Attribute Provider]]s to a [[Relying Party]] they can install such a provider on their own device and redirect calls for authentication back to themselves. | ||
==Solutions== | ==Solutions== | ||
+ | * [[Linking to Apps]] is available in all of the major mobile planforms, Android, Apple IOS, Microsoft UWP. | ||
+ | ** But note that Chrome 72 (at least on Android) had a bug as tracked on [https://github.com/openid/AppAuth-Android/issues/448 this site/] | ||
+ | *OpenID has published [https://nat.sakimura.org/wp-content/uploads/2013/08/openid-connect-selfissued-1_0.html Self-issued OpenID Connect Provider]. | ||
+ | *[[Self-issued Identifier]] | ||
+ | *[[Best Practice and Example Self-issued Identifier]] | ||
*Certification of the [[Native App]] please refer to page [[Native App Security]]. | *Certification of the [[Native App]] please refer to page [[Native App Security]]. | ||
*The [[Native App]] should perform all [[Authentication]] of the user by way of a browser ([[User Agent]]) selected by the user and running on the user's device using a trusted [[Identifier or Attribute Provider]]. | *The [[Native App]] should perform all [[Authentication]] of the user by way of a browser ([[User Agent]]) selected by the user and running on the user's device using a trusted [[Identifier or Attribute Provider]]. | ||
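Review bot: The new opening sentence under "Full Title or Meme" ends with a comma after "[[User Device]]", so it reads as unfinished; end it with a period or complete the clause. In the added Solutions bullets, "planforms" should be "platforms" and "Apple IOS" should be "Apple iOS", and the link label "this site/" would be clearer if it named the target, for example "AppAuth-Android issue 448".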
Line 21: | Line 27: | ||
#IETF RFC 8252 ''OAuth 2.0 for Native Apps'' https://tools.ietf.org/html/bcp212#section-7.2 | #IETF RFC 8252 ''OAuth 2.0 for Native Apps'' https://tools.ietf.org/html/bcp212#section-7.2 | ||
#Apple ''App Store Review Guidelines'' https://developer.apple.com/app-store/review/guidelines/ | #Apple ''App Store Review Guidelines'' https://developer.apple.com/app-store/review/guidelines/ | ||
+ | #[https://developer.android.com/guide/components/intents-filters#imatch Android Intents and Intent Filters] | ||
+ | #[https://docs.microsoft.com/en-us/windows/uwp/launch-resume/web-to-app-linking Microsoft web-app linking]. | ||
+ | #[https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/ description of use of this technique] in [[OAuth 2.0]] implementations. | ||
+ | # See the wiki page [[Linking to Apps]] | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Authentication]] | [[Category:Authentication]] | ||
+ | [[Category:Agent]] |
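Review bot: The four added reference entries do not follow the form of the existing ones (source, italic title, URL): they are bare labelled links, one ends with a period and one begins in lower case ("description of use of this technique"). Give each the same source-and-title form. The entry "# See the wiki page [[Linking to Apps]]" also repeats the link already added under Solutions, so consider keeping only one of the two.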
Latest revision as of 19:24, 10 June 2021
Full Title or Meme
A Native App can register to intercept URI calls (e.g., HTTP and other schemes) from the browser on the User Device.
Context
- Many web applications would like to improve their User Experience by installing a Native App on the user device to provide more performant responses to user input. This has been enabled on most User Devices by operating system enhancements that allow the registration of the web site's URL and the interception of HTTP requests so that they can be partially or fully handled on the local device.
Problems
- Several Identity Management problems can potentially be solved by this same mechanism.
- If the user wishes to create Self-issued Identifiers that can act like Identifier or Attribute Providers to a Relying Party they can install such a provider on their own device and redirect calls for authentication back to themselves.
Solutions
- Linking to Apps is available on all of the major mobile platforms: Android, Apple iOS, Microsoft UWP.
- But note that Chrome 72 (at least on Android) had a bug, as tracked at https://github.com/openid/AppAuth-Android/issues/448
- OpenID has published Self-issued OpenID Connect Provider.
- Self-issued Identifier
- Best Practice and Example Self-issued Identifier
- For certification of the Native App, please refer to the page Native App Security.
- The Native App should perform all Authentication of the user by way of a browser (User Agent) selected by the user and running on the user's device using a trusted Identifier or Attribute Provider.
- Pre Oauth Entity Trust describes a means to represent third-party application endorsement for health care applications. POET’s goal is to help consumers distinguish between applications that have an endorsement and applications that have no pedigree (i.e., untrusted and possibly malicious).
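
As an added example (not code from this wiki or from any project it cites), the Python function below shows how an authorization server could classify the redirect URI a Native App registers into the three kinds described in RFC 8252 section 7, rejecting forms the RFC advises against. The function name and return labels are hypothetical, and refusing an authority component on private-use schemes is a strict policy choice that follows the RFC's example form.

```python
import ipaddress
from urllib.parse import urlsplit


def classify_redirect_uri(uri: str) -> str:
    """Return 'claimed-https', 'loopback', 'private-use-scheme' or 'reject: <reason>'."""
    try:
        parts = urlsplit(uri)
        _ = parts.port  # accessing .port forces validation of the port number
    except ValueError:
        return "reject: malformed URI"
    scheme, host = parts.scheme, parts.hostname
    if not scheme:
        return "reject: no scheme"
    if parts.fragment:
        # RFC 6749 section 3.1.2: a redirect URI must not contain a fragment.
        return "reject: fragment not allowed"
    if scheme == "https":
        # RFC 8252 section 7.2: the OS verifies that the app may claim this
        # domain, so another app cannot register the same URI.
        return "claimed-https" if host else "reject: https without host"
    if scheme == "http":
        # Section 7.3: plain http only for loopback IP literals; section 8.3
        # recommends against the name 'localhost'.
        try:
            if host and ipaddress.ip_address(host).is_loopback:
                return "loopback"
        except ValueError:
            pass
        return "reject: http allowed only for loopback IP literals"
    # Sections 7.1 and 8.4: a private-use scheme should be a reversed domain
    # name, so at minimum it contains a period.
    if "." not in scheme:
        return "reject: private-use scheme is not reverse-domain based"
    if parts.netloc:
        # Strict policy (assumption): require 'scheme:/path', no authority.
        return "reject: private-use scheme URI carries an authority"
    return "private-use-scheme"


if __name__ == "__main__":
    # Constructed sample registrations, not taken from any real client.
    for sample in ("https://app.example.com/oauth2redirect",
                   "com.example.app:/oauth2redirect",
                   "http://127.0.0.1:51004/cb",
                   "http://localhost:8080/cb",
                   "myapp:/cb"):
        print(f"{sample:45} {classify_redirect_uri(sample)}")
```

Of the three accepted kinds, only the claimed https form is bound to the app by the operating system; a private-use scheme can be registered by any app on the device, which is why RFC 8252 pairs it with PKCE.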
References
- Native App general page on this wiki
- Native App Security page on this wiki
- Native App Privacy page on this wiki
- W3C page on web apps best practices as of (2010-12-10).
- IETF RFC 8252 OAuth 2.0 for Native Apps https://tools.ietf.org/html/bcp212#section-7.2
- Apple App Store Review Guidelines https://developer.apple.com/app-store/review/guidelines/
- Android Intents and Intent Filters
- Microsoft web-app linking.
- Description of the use of this technique in OAuth 2.0 implementations.
- See the wiki page Linking to Apps