mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-04 23:45:07 +00:00
docs: Clarify third party apps NOT use embedded view (#8322)
# Which Problems Are Solved

The text appears to contradict the statement in the page on oauth.net.

# How the Problems Are Solved

The text has been updated to reflect the statement in the page on oauth.net.

# Additional Changes

None

# Additional Context

The page [OAUTH2.0 for mobile and native apps](https://oauth.net/2/native-apps/) linked just above the text that was changed states:

> It describes things like not allowing the third-party application to open an embedded web view which is more susceptible to phishing attacks, as well as platform-specific recommendations on how to do so.

Co-authored-by: Max Peintner <max@caos.ch>
This commit is contained in:
parent
31ecbe04ec
commit
0f6003f9a1
@ -65,8 +65,8 @@ The [RFC 8252 specification](https://tools.ietf.org/html/rfc8252) defines how
|
||||
Basically, there are two major points in this specification:
|
||||
|
||||
1. It recommends to use [PKCE](https://oauth.net/2/pkce/)
|
||||
2. It does not allow third party apps to open the browser for the login process,
|
||||
the app must open the login page within the embedded browser view
|
||||
2. It does not allow third party apps to use an embedded web view for the login process,
|
||||
the app must open the login page within the default browser
|
||||
|
||||
First install [http](https://pub.dev/packages/http) a library for making HTTP calls,
|
||||
then [`flutter_web_auth_2`](https://pub.dev/packages/flutter_web_auth_2) and a secure storage to store the auth / refresh tokens [flutter_secure_storage](https://pub.dev/packages/flutter_secure_storage).
|
||||
|
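Review bot: The reworded item 2 states the rule but leaves out the reason given in the oauth.net passage quoted in the commit message, namely that an embedded web view is more susceptible to phishing attacks. Adding that clause to the item would tell readers why the default browser is required. The two lines of the item are also joined by a comma splice; consider "... for the login process; the app must open the login page in the default browser", and hyphenate "third-party" to match the oauth.net wording.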