In 2016 I wrote RFC 8252 seeking to codify a new best practice on using the system browser (or in-app browser tabs) to perform OAuth flows, rather than a built-in WebView. A little history: you don’t see this embedded WebView OAuth pattern much any more, but when I joined the Identity team at Google in… Continue reading In-app browsers and RFC 8252