Some platforms support a browser feature known as "in-app browser I believe that's available with Chrome on Android: That section mentions solutions that are integrated in the app UX but are still a properly sandboxed browser. That's specifically the API that opens a browser window inside the app (which shares system cookies, and which the app can't inspect) rather than showing the web page in an embedded web view. Yes, the best practices for OAuth say that you should use the in-app browser for this.

Implementations vary slightly, most noticeable by the extra loading screen in the Tumblr flow. Below you can see the flows for Tumblr and Twitter. Both Tumblr and Twitter prompt the user to log in (if they are not already) then ask the user to confirm the connection between the requesting app and their service. The process of connecting a social service for sharing has some similarities to potential REST API authentication flows.

The interaction can be very brief and transparent (as shown here) or, can be complicated as Apple requires two factor security and a PIN before Sign In With Apple can be used. Similar to Google in that it's a third party service.

Can be more complicated if the user is not already logged into the correct Google account. Most of the interaction is transparent to the user.

Additional challenges due to sites that are unreadable due to an unavailable XML-RPC service. A JWT implementation similar to what is being discussed for the REST API. Second simplest flow due to the surprising number of users who struggle to enter their site address.

Challenging if a user has forgotten their email address. An Auth flow that takes an email address and password and returns a bearer token.

It illustrates the possibility for out-of-app flows to be successful. First to their email application, then to their browser. This is a flow that necessarily takes the user into not one but two separate apps in order to successfully authenticate.
This is an overview of the main login flows currently in the mobile apps as illustrated by WordPress for iOS. Happy to go deeper into the details on any that are particularly interesting. Others illustrate varying degrees of complexity a user must endure. Some of these are quite similar to what's being discussed.

The issue will be closed once we have general agreement within the people in this organization's team on the desired flow(s), and have merged a PR with diagrams of those flows into this repository.

As we're discussing candidate flows, I thought it might be helpful to reference some of the existing authentication flows in the WordPress mobile apps.

- discuss nuances of how our desired flow could be implemented within WordPress.
- identify other authentication scenarios which should be accounted for (perhaps more developer-facing flows for example to connect a CLI tool with no formal UI).
- propose applications and flows which do this handshake well.

Maybe it will look like that, maybe it will look different.