RFC 8252: OAuth 2.0 for Mobile and Native Apps

tools.ietf.org/html/rfc8252

OAuth 2.0 for Native Apps (RFC 8252) describes security requirements and other recommendations for native and mobile applications using OAuth 2.0.

It covers requirements such as not allowing the third-party application to open an embedded web view, which is more susceptible to phishing attacks, and gives platform-specific recommendations on how to avoid doing so.

It also recommends using the PKCE extension to further protect users.
