Concrete example of auth prompt from a desktop app (google drive connecter) that does NOT use the system browser. Placing it in a tweet so that I have a URL for it in discussions.
5
5
Replying to @vibronet
That's interesting, most of the other Google stuff has been moving to web views, even the native calendar integration on macos now! I wonder if this just hasn't been updated yet.

Jan 28, 2021 · 9:54 PM UTC

2
Replying to @aaronpk @vibronet
@aaronpk not sure if you meant "web view" as in embedded web view inside a native app - but if so that is not technically more secure. Launching a system browser prevents the calling app from keylogging in that web page.
2
On the desktop that’s not necessarily the case, it depends on the privileges of the other apps (eg think debugger or anything accessing the message pump). Security considerations for mobile don’t apply as is on desktop.
Replying to @aaronpk
I doubt it's a matter of timing. Besides this being a first party scenario, there's the usual debacle on use of system browser on the desktop in absence of better experiences. See all the other examples and the feedback on OAuth21