Episode 024: 18‐06‐2024 Enhancing User Experience in First Party Native Applications - GluuFederation/identerati-office-hours GitHub Wiki

Title: Enhancing User Experience in First Party Native Applications

Linkedin Event

Description

In native mobile applications, authentication often involves redirecting users to an external browser to complete the login process. This approach disrupts the seamless user experience that mobile app users expect. It is essential to have a standardized approach to authentication in first-party mobile applications to ensure that both security and user experience are optimized.

Homework

See Also

Diagrams from the Episode

first-party-authn

topology-first-party-native-auth

Takeaways

  • The First Party Native Authn draft is the answer to mobile app developers' request for "backchannel" authentication that doesn't risk popping the end user into a browser flow.

  • Reasons to use First Party Native Authn: (1) a peer-reviewed protocol developed by security experts; (2) the ability to centralize some business logic without impacting the app interface; (3) the availability of standard libraries in various programming languages; (4) developer productivity.

  • An OAuth Authorization Server ("AS") may want to prevent open dynamic registration for clients that have access to this first party native authn flow, or restrict dynamic client registration (DCR) for requests that lack a valid software statement JWT. Because there is no new grant type (the authorization code grant is still used at the token endpoint), restricting access to the authz_challenge endpoint may require making that endpoint itself OAuth protected, i.e. requiring an access token that carries a certain scope.
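The two controls from this takeaway, sketched as an added in-memory example that is not code from the episode or from Gluu's products: a DCR handler that rejects registrations without a valid software statement JWT, and an authorization challenge endpoint that refuses callers whose bearer token lacks a designated scope. The scope name `first_party_native_authn`, the HS256 shared key for software statements, the in-memory `AuthorizationServer` class and all client identifiers are assumptions constructed for the demo; the challenge logic itself is a placeholder, not the draft's full state machine.

```python
"""Added illustration (not from the episode or the Gluu project): an in-memory
sketch of two AS-side gating controls for a first-party native authn flow:
  1. dynamic client registration (DCR) rejects requests without a valid
     software statement JWT, and
  2. the authorization challenge endpoint requires a bearer access token
     carrying a designated scope.
Scope name, signing key and client ids are assumed/constructed for the demo."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Assumed: the AS verifies software statements with this HMAC key (HS256).
SOFTWARE_STATEMENT_KEY = b"demo-software-statement-key"
# Assumed scope name that gates the authorization challenge endpoint.
CHALLENGE_SCOPE = "first_party_native_authn"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_software_statement(claims: dict, key: bytes = SOFTWARE_STATEMENT_KEY) -> str:
    """Produce a compact HS256 JWS, i.e. the software statement a trusted publisher holds."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_software_statement(token: str, key: bytes = SOFTWARE_STATEMENT_KEY) -> Optional[dict]:
    """Return the claims if the signature verifies and the token is unexpired, else None."""
    try:
        header, payload, sig = token.split(".")
        given = _b64url_decode(sig)
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, json.JSONDecodeError):
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims


class AuthorizationServer:
    def __init__(self):
        self.clients = {}        # client_id -> registered metadata
        self.access_tokens = {}  # access token -> {"client_id": ..., "scope": set()}

    def register_client(self, request: dict) -> dict:
        """DCR handler: refuse any registration that lacks a valid software statement."""
        stmt = verify_software_statement(request.get("software_statement", ""))
        if stmt is None:
            return {"error": "invalid_software_statement"}
        client_id = secrets.token_urlsafe(8)
        self.clients[client_id] = {"software_id": stmt["software_id"],
                                   "scope": set(stmt.get("scope", "").split())}
        return {"client_id": client_id}

    def issue_client_token(self, client_id: str) -> str:
        """Simplified client-credentials issuance: scopes come from the registered metadata."""
        token = secrets.token_urlsafe(16)
        self.access_tokens[token] = {"client_id": client_id, "scope": self.clients[client_id]["scope"]}
        return token

    def authorization_challenge(self, headers: dict, form: dict) -> dict:
        """Authorization challenge endpoint, OAuth-protected by a bearer token + scope check."""
        auth = headers.get("Authorization", "")
        tok = self.access_tokens.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
        if tok is None:
            return {"status": 401, "error": "invalid_token"}
        if CHALLENGE_SCOPE not in tok["scope"]:
            return {"status": 403, "error": "insufficient_scope"}
        if form.get("client_id") != tok["client_id"]:
            return {"status": 400, "error": "invalid_request"}
        # Placeholder for the real challenge logic (credential checks, next-step prompts).
        if form.get("login_hint"):
            return {"status": 200, "authorization_code": secrets.token_urlsafe(12)}
        return {"status": 401, "error": "insufficient_authorization"}


def demo() -> dict:
    """Walk both controls end to end with constructed data."""
    as_ = AuthorizationServer()
    no_stmt = as_.register_client({"client_name": "unsigned-app"})  # rejected
    exp = int(time.time()) + 600
    stmt = sign_software_statement({"software_id": "com.example.app", "scope": CHALLENGE_SCOPE, "exp": exp})
    cid = as_.register_client({"software_statement": stmt})["client_id"]
    ok = as_.authorization_challenge({"Authorization": f"Bearer {as_.issue_client_token(cid)}"},
                                     {"client_id": cid, "login_hint": "user@example.com"})
    stmt2 = sign_software_statement({"software_id": "com.example.other", "scope": "openid", "exp": exp})
    cid2 = as_.register_client({"software_statement": stmt2})["client_id"]
    denied = as_.authorization_challenge({"Authorization": f"Bearer {as_.issue_client_token(cid2)}"},
                                         {"client_id": cid2, "login_hint": "user@example.com"})
    return {"no_stmt": no_stmt, "ok": ok, "denied": denied}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The scope check is deliberately separate from token validity: a registered, authenticated client that was not provisioned with the gated scope gets `insufficient_scope` rather than a generic failure, which keeps the policy decision auditable on the AS side.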

  • If you like this spec, make your support known by posting on the OAuth email list when a call for adoption happens, which might be sometime soon after the July IETF meeting in Vancouver. Also, a call-out to implementers to share their experience with the spec.

Livestream Audio Archive

Here