Use https scheme for OAuth redirects

svthalia / Reaxit

The latest ThaliApp built on Flutter.

GNU General Public License v3.0

11 stars 3 forks source link

Use https scheme for OAuth redirects #240

Open DeD1rk opened 2 years ago

DeD1rk commented 2 years ago

Using https instead of nu.thalia as scheme for OAuth redirects is more secure, since both iOS and Android require a web server to declare that they some app is allowed to listen to its https redirects.

For #239, we have to do this as TOSTI doesn't allow non-https redirects, but for concrexit it also seems like a good idea.

See https://developer.android.com/training/app-links/verify-site-associations

DeD1rk commented 1 year ago

This is actually not needed for TOSTI, although it still would be nice.

DeD1rk commented 1 year ago

Seems like this will be supported by flutter_web_auth2 soon.