RFC 8252: OAuth 2.0 for Mobile and Native Apps


OAuth 2.0 for Native Apps (RFC 8252) describes security requirements and other recommendations for native and mobile applications using OAuth 2.0.

It describes things like not allowing the third-party application to open an embedded web view which is more susceptible to phishing attacks, as well as platform-specific recommendations on how to do so.

It also recommends using the PKCE extension to further protect users.

More resources