[aerogear-dev] External vs Embedded browser for OAuth2 libs and Cordova plugin

Matthias Wessendorf matzew at apache.org
Mon Nov 24 04:40:45 EST 2014


On Mon, Nov 24, 2014 at 9:43 AM, Corinne Krych <corinnekrych at gmail.com>
wrote:

> Hello Guys,
>
> Erik did some great progress on OAuth2 iOS plugin using external browser
> approach. Some workarounds are needed for iOS because of Swift based plugin
> and are documented here:
> https://github.com/edewit/aerogear-oauth2-plugin#workaround-for-ios
>
> As descibed in the readme instruction:
> https://github.com/edewit/aerogear-oauth2-plugin#aerogear-oauth2-cordova
> I think the best approach is to go external browser, one of the main issue
> with embedded view is that the user stills have to enter credentials in
> native app. Although it might offer a better UX experience not switching
> apps, it’s seen as less secure. My preference would be to go external.


+1
I think it makes sense to move our supported native platforms (Android /
iOS) to the more secure version, with the external browser - instead of
inlining with WebView.

Glad you bringing it up, Corinne

-M



> On iOS, the re-enter app is solved using URI schema. The same approach is
> used fro Cordova plugin, the schema is configured in the config.xml cordova
> file.
>
> @summersp @passos do you have plan to move to external browser?
>
> Erik started working on Oauth2 Android with embedded view, but if we’re
> planning to move to ext. browser maybe it's worth putting the plugin
> implementation on hold untill we got that?
>
> ++
> Corinne
> —————
> AeroGear iOS tech lead
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev




-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141124/0f9c761f/attachment.html 


More information about the aerogear-dev mailing list