This repository has been archived by the owner on Jul 6, 2022. It is now read-only.

Open the authentication page in the system default browser #44

Open
rinsuki opened this issue Jan 19, 2017 · 6 comments

@rinsuki

rinsuki commented Jan 19, 2017

I think that it is better to open the authentication page with the default browser of the OS instead of opening the authentication page with WebView.

@jariz
Owner

jariz commented Jan 19, 2017

Why exactly do you think so? This would be kind of hard to implement and could bring possible security issues because of the browser needing to call back to noti (which then any other website can do too)

@rinsuki
Author

rinsuki commented Jan 19, 2017

I think that it should use the default browser for the following reasons:

  • (if the user has already logged in at pushbullet.com) The user does not need to log in to pushbullet.com.
  • When the user sees the address bar of the browser, it is understood that it is the correct login screen.

As for the security problem, I think that it can be solved by including a random character string in redirect_uri (although I am not sure whether it is correct or not).

@ABeltramo
Collaborator

Imho this way it's more OSX style. The system apps always work this way.
Example 1: Mail
Mail Login

Example 2: iMovie
iMovie Youtube

I understand your point but I think that if you don't trust an open source product you can always open GitHub and check if it's ok.

@jariz
Owner

jariz commented Jan 23, 2017

If anyone wants to submit a PR I'll probably merge it but don't really see the upside of this enough to go implement it myself.

@jariz jariz changed the title from "to open the authentication page in the system default browser" to "Open the authentication page in the system default browser" on Jan 23, 2017
@Vlaoff

Vlaoff commented Dec 31, 2017

Adobe Creative Cloud does this. They open a new tab in the browser. Feels very secure.

@mylemans

If you're considering implementing this, there is nothing preventing you from adding some sort of signature to the callback uri, so that Noti can verify it received a 'callback' that it actually expected and not a hijacked one.

That said, I'm personally ok with the current solution, as you normally only do it once and are done with it.
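
An added sketch, not part of the thread and not Noti's code, combining the two suggestions made above: a random string in redirect_uri and a signature on the callback URI that the app checks before accepting it. The `noti://auth-callback` scheme, the `nonce`/`sig` parameter names and the `CallbackGuard` class are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CALLBACK_BASE = "noti://auth-callback"  # hypothetical URL scheme (assumption)
MAX_AGE_SECONDS = 300                   # a login attempt is valid for 5 minutes


class CallbackGuard:
    """Issues one-time callback URIs and verifies what the browser sends back."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # per-launch secret, kept in memory only
        self._pending = {}                   # nonce -> time the attempt was started

    def _sign(self, nonce):
        return hmac.new(self._key, nonce.encode(), hashlib.sha256).hexdigest()

    def new_redirect_uri(self, now=None):
        """Start a login attempt and return the redirect_uri to hand to the browser."""
        nonce = secrets.token_urlsafe(32)
        self._pending[nonce] = time.time() if now is None else now
        return CALLBACK_BASE + "?" + urlencode({"nonce": nonce, "sig": self._sign(nonce)})

    def verify(self, callback_url, now=None):
        """Accept a callback only if this app issued it, once, and recently."""
        now = time.time() if now is None else now
        parts = urlparse(callback_url)
        if parts.scheme + "://" + parts.netloc != CALLBACK_BASE:
            return False
        query = parse_qs(parts.query)
        nonce = query.get("nonce", [""])[0]
        sig = query.get("sig", [""])[0]
        # Constant-time check rejects forged values before touching any state.
        if not hmac.compare_digest(sig.encode(), self._sign(nonce).encode()):
            return False
        # pop() makes the nonce single-use, so a replayed callback is refused.
        issued = self._pending.pop(nonce, None)
        if issued is None:
            return False
        return now - issued <= MAX_AGE_SECONDS
```

The check only establishes that the callback belongs to a login attempt this app instance started; the token delivered with it still has to be validated against the service.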
