Awesome! I'm getting a lot of push back on the visible URL. I'm wondering how/why so many mobile apps don't show it. Thoughts?
3
Prior to SafariViewController, devs weren't willing to bounce ppl out of the app, the only other way to have a visible URL
1
Sorry, I meant I'm being told the URL can't be visible and they are holding up other mobile apps login as examples that do not show it.
1
Yeah sorry, 140 chars isn't enough 😭
Before SFSafariView, the only way to securely do OAuth was to launch the native…
1
more here: aaronparecki.com/2017/05/04/…
1
The Google Inbox and Voice apps do it! I know I've used a couple more, but can't remember off-hand.
1
Awesome, I’ll check those out. Business doesn’t understand why I can’t do this in a way that doesn’t show URL. Since it’s our app and API.
1
Well for first-party apps there isn't really a phishing risk, it's normal to type your password into the service's own app.
May 4, 2017 · 6:31 PM UTC