Azure-Samples / active-directory-b2c-ios-swift-native-msal

An iOS sample in Swift that authenticates Azure AD B2C users and calls an API using OAuth 2.0
https://aka.ms/aadb2c
MIT License

Does the sample follow RFC 8252 OAuth 2.0 for Native Apps? #57

Closed MNF closed 3 years ago

MNF commented 3 years ago

Could you please add to the Readme whether the sample follows RFC 8252 OAuth 2.0 for Native Apps? “For authorizing users in native apps, the best current practice is to perform the OAuth authorization request in an external user agent (typically the browser) rather than an embedded user agent (such as one implemented with web-views).”

The same suggestion applies to the similar sample for Android: https://github.com/Azure-Samples/ms-identity-android-java#b2cmodefragment-class

The other 2 examples are based on the AppAuth library, which explicitly states that it follows the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps.

ameyapat commented 3 years ago

Hi @MNF, sorry for the delayed response.

We do not use any custom-designed embedded user agent. According to the recommendations in Section B.1 of RFC 8252, you can configure your app to use SFSafariViewController. You can use any of the Apple-provided web views. You can configure that by defining webviewType for MSALWebviewParameters: https://azuread.github.io/microsoft-authentication-library-for-objc/Enums/MSALWebviewType.html and https://azuread.github.io/microsoft-authentication-library-for-objc/Classes/MSALWebviewParameters.html

If not specified, we use MSALWebviewTypeDefault. Please let me know if you have further questions.
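The configuration described in the reply above, as an added example that is not part of the original thread or the sample's own code: it sets `webviewType` on `MSALWebviewParameters` and refuses the embedded `WKWebView` type, which RFC 8252 advises against for authorization requests. `BrowserPolicyError`, `makeInteractiveParameters` and `signIn` are hypothetical names, and the behaviour noted for `.default` is an assumption based on the MSAL documentation.

```swift
import UIKit
import MSAL

// Hypothetical error type for this example.
enum BrowserPolicyError: Error {
    case embeddedWebViewNotAllowed
}

/// Builds interactive token parameters, allowing only web view types that
/// run outside the app's process (system authentication session or
/// SFSafariViewController), in line with RFC 8252 Appendix B.1.
func makeInteractiveParameters(
    scopes: [String],
    presenter: UIViewController,
    webviewType: MSALWebviewType = .default
) throws -> MSALInteractiveTokenParameters {
    // WKWebView is an embedded user agent: the hosting app can inspect the
    // sign-in page and the credentials typed into it, so reject it here.
    guard webviewType != .wkWebView else {
        throw BrowserPolicyError.embeddedWebViewNotAllowed
    }

    let webviewParameters = MSALWebviewParameters(authPresentationViewController: presenter)
    // Assumption: .default resolves to a system authentication session or
    // SFSafariViewController depending on the iOS version.
    webviewParameters.webviewType = webviewType

    return MSALInteractiveTokenParameters(scopes: scopes, webviewParameters: webviewParameters)
}

/// Starts an interactive sign-in pinned to SFSafariViewController.
func signIn(application: MSALPublicClientApplication,
            scopes: [String],
            presenter: UIViewController) {
    do {
        let parameters = try makeInteractiveParameters(
            scopes: scopes, presenter: presenter, webviewType: .safariViewController)
        application.acquireToken(with: parameters) { result, error in
            guard let result = result else {
                print("Sign-in failed: \(String(describing: error))")
                return
            }
            // Do not log the token itself; the account name is enough here.
            print("Signed in as \(result.account.username ?? "unknown account")")
        }
    } catch {
        print("Refused to start sign-in: \(error)")
    }
}
```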

ameyapat commented 3 years ago

Closing issue