- From: Marcos Caceres <notifications@github.com>
- Date: Mon, 11 May 2015 11:22:51 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Message-ID: <w3c/manifest/issues/380/101006456@github.com>
Ok, two thoughts... and it would be great to work through a real example here...:
1. normal linking + deep linking
1. `window.open()`
Given:
```JSON
{
"scope": "/myapp/"
}
```
# normal linking
So, given a user wants to log into facebook, one could navigate to https://login.facebook.com - this "breaks" scope, hence causes browser to open (not great experience, but stay with me). Once authentication finishes, facebook.com navigates back to "example.com/myapp/logged_in/". As the scope is registered (and as the app is open), the web application reopens (i.e., this is a "deep link" behavior).
Issues: requires the browser to keep track of which pages are working as "apps". The app could die in the background before the user finishes authentication. It doesn't integrate nicely with OS level pre-authentication (but it could, MAYBE, with the [proposed credential management API](https://w3c.github.io/webappsec/specs/credentialmanagement/) ... need to investigate this).
# window.open()
Using `window.open()` could work as an overlay, allow authentication to take place (same as a popup window in desktop browsers). This would allow for a more integrated authentication experience without requiring users to jump into a separate application (the default browsers).
Issues: we probably need to have more control over window.open() to make it feel more native.
---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/380#issuecomment-101006456
Received on Monday, 11 May 2015 18:23:17 UTC