Native App URI Handlers
Full Title or Meme
- Many web applications would like to improve their User Experience by installing a Native App on the user device to provide more performant responses to user input. This has been enabled on most User Devices by operating system enhancement that allow the registration of the web site's URL and intercepting HTTP requests so that they can be partially or fully handled on the local device.
- Several Identity Management problems can potentially be solved by this same mechanism.
- If the user wishes to create Self-issued Identifiers that can act like Identifier or Attribute Providers to a Relying Party they can install such a provider on their own device and redirect calls for authentication back to themselves.
- App linking is available in all of the major mobile planforms, Android, Apple IOS, Microsoft UWP.
- But note that Chrome 72 (at least on Android) had a bug as tracked on this site/
- OpenID has published Self-issued OpenID Connect Provider.
- Self-issued Identifier
- Best Practice and Example Self-issued Identifier
- Certification of the Native App please refer to page Native App Security.
- The Native App should perform all Authentication of the user by way of a browser (User Agent) selected by the user and running on the user's device using a trusted Identifier or Attribute Provider.
- Pre Oauth Entity Trust describes a means to represent third-party application endorsement for health care applications. POET’s goal is to help consumers distinguish between applications that have an endorsement versus applications that have no pedigree (i.e untrusted and could be malicious).
- Native App general page on this wiki
- Native App Security page on this wiki
- Native App Privacy page on this wiki
- W3C page on web apps best practices as of (2010-12-10).
- IETF RFC 8252 OAuth 2.0 for Native Apps https://tools.ietf.org/html/bcp212#section-7.2
- Apple App Store Review Guidelines https://developer.apple.com/app-store/review/guidelines/
- Microsoft web-app linking.
- description of use of this technique in OAuth 2.0 implementations.