5J/ OIDC Web to APP flow challenges in Solutions / Leon Tian

From IIW

Session 5J

OIDC Web to App Flow Challenges and Solutions


Session Convener: Leon Tian

Notes-taker(s):

Tags / links to resources / technology discussed, related to this session:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Mobile web to mobile app flow:

Question: Is there a way to return to the same browser and same tab?


  • If the user does not start from a default browser
    • Redirected to the default browser
    • Current solution: Detect the browser type and, if it is not the same, prompt the user to go back to the original browser
  • If the user starts from the default browser
    • Redirected to a new tab
    • Current solution: Set the browser scope to “Browser wide” so that the new tab will have the session details.


  • Alternatively, use a flow similar to the “Desktop web to mobile app” flow (in the next section), i.e. the popup (modal) page on top of the RP app keeps polling the status and returns control to the RP app. On the IDP side, ask the user to click the “Back” button to go back to the RP app.


Desktop web to mobile app

A QR code is used to transition the user to the mobile app.

The current solution gives the RP the flexibility to decide on which device to continue the UX afterwards.

  • Redirect to RP on both mobile and desktop
    • The auth code is passed to the RP on the mobile device only. The IDP does not need to differentiate the “mobile web to app” and “desktop web to app” flows and always redirects the user back to the RP on the mobile device
    • On the desktop, redirect back to RP web app on the same browser tab
    • RP can decide which device to continue the user flow


  • Alternatively, the mobile IDP app does not redirect the user to the RP app, and the user only uses the desktop-side redirect to continue the user journey with the RP app on the desktop. This is more intuitive, as it matches all other mobile authenticator flows.
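
The polling modal and the "auth code on the mobile device only" variant described above, sketched as RP-side bookkeeping. This is an added example, not code from the session; the class and method names, the TTL, and the session-binding and one-time-read checks are assumptions.

```javascript
// Added example, not from the session notes. All names are hypothetical.
const PENDING_TTL_MS = 120000; // assumed lifetime of one QR login attempt

class PendingLogins {
  constructor() {
    this.byState = new Map();
  }

  // Desktop RP page starts a login. `state` is the value the QR code carries;
  // a real RP would generate it with a CSPRNG, here the caller supplies it.
  start(state, browserSessionId, now) {
    this.byState.set(state, {
      browserSessionId,
      expires: now + PENDING_TTL_MS,
      status: 'pending',
      user: null,
    });
  }

  // Called by the RP on the mobile device after it received the auth code and
  // exchanged it. Only the outcome is recorded; the code never reaches the desktop.
  completeFromMobile(state, user, now) {
    const p = this.byState.get(state);
    if (!p || p.status !== 'pending' || now > p.expires) return false;
    p.status = 'authenticated';
    p.user = user;
    return true;
  }

  // Called by the polling modal on the desktop. Only the browser session that
  // started the login gets an answer, and the result is handed over once.
  poll(state, browserSessionId, now) {
    const p = this.byState.get(state);
    if (!p || p.browserSessionId !== browserSessionId) return { status: 'unknown' };
    if (now > p.expires) {
      this.byState.delete(state);
      return { status: 'expired' };
    }
    if (p.status === 'pending') return { status: 'pending' };
    this.byState.delete(state);
    return { status: 'authenticated', user: p.user };
  }
}

// Constructed run: desktop starts, mobile completes, desktop poll picks it up.
const demo = new PendingLogins();
demo.start('state-constructed-1', 'desktop-session-1', 0);
demo.completeFromMobile('state-constructed-1', 'alice', 5000);
console.log(demo.poll('state-constructed-1', 'desktop-session-1', 6000));
```

Once the desktop poll returns `authenticated`, the RP can continue the journey on either device, which is the flexibility the notes describe.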