The IESG has approved the following document: - 'OAuth 2.0 for Native Apps' (draft-ietf-oauth-native-apps-12.txt) as Best Current Practice This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/ Technical Summary OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case, and how native apps and authorization servers can implement this best practice. Working Group Summary The OAuth 2.0 authorization framework, documents two approaches for native apps to interact with the authorization endpoint: via an embedded user-agent, or an external user-agent. This document recommends external user-agents like in-app browser tabs as the only secure and usable choice for OAuth. There is solid working group consensus to publish this document. Document Quality Implementations are included in the shepherd report. Personnel Hannes Tschofenig is the document shepherd and the responsible area director is Kathleen Moriarty.
