Im trying to implement SSO in my mobile application but im having issues with the redirect uri on the iOS side. Currently right now my redirect has the scheme of https://. I realize this is an issue an want to move to a custom url (Example: com.myapp.xamarin).
The issue that im running into now is that im worried this violates the https protocol and my login token will be vulnerable to attacks.
All the documentation on how to implement a mobile redirect all use custom url schemes. I find it hard to believe that big companies such as google, Microsoft, and Facebook all allow these custom url schemes without it being secure.
Does anyone know anything or can link me anything stating that custom url schemes are still secure.
