Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use https scheme for OAuth redirects #240

Open
DeD1rk opened this issue Jul 8, 2022 · 2 comments
Open

Use https scheme for OAuth redirects #240

DeD1rk opened this issue Jul 8, 2022 · 2 comments
Labels
chore Something that is not a bug or a feature, does not change production behaviour priority: maybe someday This is not really relevant, but if we have nothing else to do, then we can think about this.

Comments

@DeD1rk
Copy link
Member

DeD1rk commented Jul 8, 2022
edited
Loading

Using https instead of nu.thalia as scheme for OAuth redirects is more secure, since both iOS and Android require a web server to declare that they some app is allowed to listen to its https redirects.

For #239, we have to do this as TOSTI doesn't allow non-https redirects, but for concrexit it also seems like a good idea.

See https://developer.android.com/training/app-links/verify-site-associations
@DeD1rk DeD1rk added chore Something that is not a bug or a feature, does not change production behaviour priority: medium A new feature or a bugfix that is non-critical. labels Jul 8, 2022
@DeD1rk
Copy link
Member Author

DeD1rk commented Sep 28, 2022

This is actually not needed for TOSTI, although it still would be nice.

@DeD1rk DeD1rk added priority: maybe someday This is not really relevant, but if we have nothing else to do, then we can think about this. and removed priority: medium A new feature or a bugfix that is non-critical. labels Sep 28, 2022
@DeD1rk
Copy link
Member Author

DeD1rk commented Nov 17, 2022

Seems like this will be supported by flutter_web_auth2 soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
chore Something that is not a bug or a feature, does not change production behaviour priority: maybe someday This is not really relevant, but if we have nothing else to do, then we can think about this.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DeD1rk