Currently I'm trying to make a client for the OAuth 2.0 authorization flow, a Native App actually. And in the specification right here it's stated that there are 3 ways to handle redirect URIs: Custom URI scheme, Loopback interface and Claimed "https" Scheme URI.
I'm having a hard time grasping how to implement this stuff, because I've tried finding it on the Internet to no avail (I had no such problems when I was looking for info on loopback server or custom URL scheme implementations; in fact I've managed to implement them).
I'm sure that I'm using the wrong words, so I'm asking for help. How can I allow apps to claim "https" scheme URIs? Some resources would be perfect. And the platforms are Windows and Linux.
Claimed HTTPS schemes are only possible on mobile - via 'universal links' on iOS or 'app links' on Android. It would be nice if it worked for desktop also, but unfortunately that is not the case.
MOBILE CLAIMED HTTPS SCHEME SAMPLES OF MINE
DESKTOP FUTURE DIRECTION?
I guess your concern is a malware app triggering a login redirect with your desktop app's client id and redirect URI? This has been a concern for a while, though I guess if malware can run you may have bigger problems.
The future solution to this problem is likely to involve Client Attestation Techniques to prove the app's identity BEFORE it is allowed to attempt user authentication, rather than only relying on an owned response URL.
Right now the technology probably does not support what you want, and Custom URI schemes may be the best option.
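Added example, not part of the original answer: since a desktop app cannot prove ownership of its redirect URI, the sketch below shows how a client using a custom URI scheme can at least bind the callback to the login it started, using `state` and PKCE (RFC 7636, which RFC 8252 requires of public native clients). The endpoint, client id and redirect URI are assumed placeholder values.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder values for illustration; not from the original post.
AUTHORIZE_ENDPOINT = "https://login.example.com/authorize"
CLIENT_ID = "desktop-app-example"
REDIRECT_URI = "com.example.desktopapp:/callback"  # custom URI scheme


def start_login():
    """Return (authorization URL, per-attempt secrets to keep in memory)."""
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, 86 chars
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()
    ).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", {"state": state, "code_verifier": verifier}


def handle_callback(callback_url, pending):
    """Validate the URI the OS handed to the app; return token request parameters."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    # Exact match on scheme, authority and path; only the query may differ.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # A response with the wrong state was not triggered by this login attempt.
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization error: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # The code is only redeemable together with the verifier this process holds.
    return {
        "grant_type": "authorization_code", "code": code, "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "code_verifier": pending["code_verifier"],
    }
```

The same checks apply unchanged to a loopback redirect; only `REDIRECT_URI` and the way the callback URL reaches the process differ.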