[keycloak-user] Best practices for securing sign-in on mobile

Our Cordova apapter uses a webview (via cordova-plugin-inappbrowser) to open the login page. This results in no SSO between applications and it also has some security implications. A better approach is to use in app browser tabs when supported or fallback to the system browser. See https://www.youtube.com/watch?v=ppeU8yeI_ks for more details.