That's interesting, most of the other Google stuff has been ... • Aaron Parecki

Vittorio https://twitter.com/vibronet • Jan 28
Concrete example of auth prompt from a desktop app (google drive connecter) that does NOT use the system browser.
Placing it in a tweet so that I have a URL for it in discussions.

That's interesting, most of the other Google stuff has been moving to web views, even the native calendar integration on macos now! I wonder if this just hasn't been updated yet.

Portland, Oregon • 45°F

Thu, Jan 28, 2021 1:54pm -08:00

4 replies
Have you written a response to this? Let me know the URL:
- Aaron Parecki twitter.com/aaronpk
  
  I know you know me from a different context, but this is literally what I spend most of my time talking about 🙃 I have like a book and video course all about it 😉
  
  Fri, Jan 29, 2021 4:28am +00:00 (via brid-gy.appspot.com)
- Vittorio twitter.com/vibronet
  
  On the desktop that’s not necessarily the case, it depends on the privileges of the other apps (eg think debugger or anything accessing the message pump). Security considerations for mobile don’t apply as is on desktop.
  
  Fri, Jan 29, 2021 4:11am +00:00 (via brid-gy.appspot.com)
- BensTechLab twitter.com/BensTechLab
  
  @aaronpk not sure if you meant "web view" as in embedded web view inside a native app - but if so that is not technically more secure. Launching a system browser prevents the calling app from keylogging in that web page.
  
  Fri, Jan 29, 2021 4:09am +00:00 (via brid-gy.appspot.com)
- Vittorio twitter.com/vibronet
  
  I doubt it's a matter of timing. Besides this being a first party scenario, there's the usual debacle on use of system browser on the desktop in absence of better experiences. See all the other examples and the feedback on OAuth21
  
  Thu, Jan 28, 2021 9:57pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using monocle.p3k.io