WebAuthenticator Opens external browser #160
-
|
I was trying out the WebAuthenticator to see if I can get OAuth into our Mobile API app in Windows. When I use you WebAuthenticator, it opens an external browser, as opposed to be inside the app window. Is this expected? I am not sure if I am doing something incorrect. Having an external browser is certainly better than not working at all, like the MAUI implementation Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
That's exactly how it's meant to work, and in accordance with the best practices. Another nice side-effect of using your browser is that the user might already be signed into the website and then all they have to do is allow your app to get an authentication token. |
Beta Was this translation helpful? Give feedback.
That's exactly how it's meant to work, and in accordance with the best practices.
In fact iOS and Android doesn't actually use a webview, but uses built-in oauth platform APIs that opens up a secure browser session, and prevents the app from seeing into that browser session and stealing credentials. In fact several OAuth services like Google and Facebook require that from iOS and Android clients and detects if it's a webview and blocks signing in. Unfortunately Microsoft hasn't ported the WebAuthenticationBroker from UWP to WinUI yet, otherwise you'd get a similar approach.
The problem with an embedded webview is the user has no trust that the app doesn't listen in on the browser session …