Overview[1]#

Claimed Https Scheme URI Redirection is defined in OAuth 2.0 for Native Apps (RFC 8252)

Some operating systems allow apps to claim "https" scheme RFC 7230 URIs in the domains they control. When the browser encounters a claimed URI, instead of the page being loaded in the browser, the native application is launched with the URI supplied as a launch parameter.

Such URIs can be used as redirect_uris by native applications. They are indistinguishable to the authorization server from a regular web-based client redirect_uri. An example is:

https://app.example.com/oauth2redirect/example-provider

As the redirect_uri alone is not enough to distinguish OAuth Public Client native applications from OAuth Confidential Client, it is REQUIRED in RFC 8252 Section 8.4 that the OAuth 2.0 Client Type be recorded during OAuth 2.0 Client Registration to enable the Authorization Server to determine the OAuth 2.0 Client Type and act accordingly.

App-claimed "https" scheme redirect URIs have some advantages compared to other native app redirect options in that the identity of the destination app is guaranteed to the Authorization Server by the Operating System. For this reason, native apps SHOULD use them over the other options where possible.

Claimed Https Scheme URI Redirection uses HTTPS URL redirection and Private-Use URI Scheme Redirection uses URI (ie NOT URL redirection).

OAuth 2.0#

Apps on platforms that allow the user to disable this functionality, or lack it altogether MUST fallback to using custom URI schemes.

The Authorization Server MUST allow the registration of HTTPS redirect_uri for OAuth Client to support Claimed Https Scheme URI Redirection.

Apps on platforms that allow the user to disable this functionality, or lack it altogether MUST fallback to using custom URI schemes.

The Authorization Server MUST allow the OAuth 2.0 Client Registration of HTTPS redirect_uri for non-confidential user-agents to support Claimed Https Scheme URI Redirection.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-20) was last changed on 27-Oct-2017 11:39 by jim