Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shouldn't you be using Safari instead of a web view? #11

Open
malhal opened this issue Sep 18, 2014 · 1 comment
Open

Shouldn't you be using Safari instead of a web view? #11

malhal opened this issue Sep 18, 2014 · 1 comment

Comments

@malhal
Copy link

malhal commented Sep 18, 2014

I'm new to Oauth and was just wondering that if you are using a web view and if the user logs in then the app can just inject some javascript to monitor whats entered in the login page. Thus defeating the purpose of using Oauth. To prevent this shouldn't you open the URL in safari, have the user log in there, and then redirect back to the app afterwards? That way the app can't steal the users credentials. This is more of an issue for framework developers I suppose. However if this is designed for use in a highly trusted environment why not just use the password flow instead of authorisation code flow?

@gregpeet
Copy link

gregpeet commented Oct 6, 2015

No, this is against apple's HIG. Apps (except for Facebook) cannot leave the current app to 'sign in'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants