Is there support for redirecting to iOS app scheme

If you watch Apple's WWDC 2017 Session 225 "What's New in Safari View Controller" at the 28:20 mark.

https://developer.apple.com/videos/pl...

You will see that Apple recommends using SFSafariViewController for third party authorization. The way to handle the redirect_uri is by using a scheme (not http or https) that the app knows how to handle. So something like "myApp://authorize/ecobee"

The redirect url is handled in application:openURL:options:

Does the ecobee API support redirecting to app specific schemes like "myApp://authorize/ecobee"

Here is the Apple documentation about custom schemes.
https://developer.apple.com/library/c...

Also it would be helpful if multiple redirects would be supported, similar to Nest.
https://developers.nest.com/documenta...

That way we could transition to "myApp://authorize/ecobee" while the default "https://myDomain.com/redirect" still works for older versions of the app.

Thanks.
1 person has
this question
+1
Reply
  • MarkK (API Architect) November 30, 2017 19:18
    We do not support app schemes for OAuth Code redirect. Doing so is a security issue where the app can use phishing to steal user credentials. Allowing that permits the app to perform a man-in-the-middle attack on the user login. Ecobee OAuth only allows valid domain redirects and is done through the browser's standard and secure way redirecting the user with certificate validation and warnings.

    For PIN authorization, the user must independently log into the ecobee site and again, not through a 3rd party in-application redirect to enter the pin and authorize the app.

    Nest uses redirect URLs for PIN authorization, whereas we do not.
    https://www.ecobee.com/home/developer...
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated