Overview#Native application is typically a OAuth Public Client installed and executed on the device used by the Resource Owner. Protocol data and credentials are accessible to the Resource Owner. It is assumed that any client authentication credentials included in the application can be extracted. On the other hand, dynamically issued credentials such as Access Tokens or Refresh Tokens can receive an acceptable level of protection. At a minimum, these credentials are protected from hostile servers with which the application may interact.
On some platforms, these credentials might be protected from other applications residing on the same device.
More Information#There might be more information for this subject on one of the following:
- 10 Reasons Why OpenID Connect
- ACDC Grant type
- App-claimed HTTPS URI Redirection
- App-declared Custom URI Scheme Redirection
- Authorization Cross Domain Code 1.0
- Custom URI scheme
- Embedded user-agent
- Native Applications Working Group
- Native Single Sign-On
- OAuth 2.0 Profiles
- OAuth 2.0 for Native Apps
- OAuth Public Client
- OpenID Connect Use Cases
Add new attachment
Only authorized users are allowed to upload new attachments.