Securing Electron Applications with OpenID Connect and OAuth2

@andrea.chiarelli Thanks for the pointer. Though a couple things are a bit dated on the reasoning there. One is that in 2023 mainstream support for browser auth on desktop is more prevalent. Slack does auth through the system browser, though it renders its UI through WebViews. Visual Studio has an option to auth through the browser. VSCode also does its auth through the browser when you choose GitHub auth mode. The talk about needing a localhost server for the return URL doesn’t apply when you use a protocol handler on your app. And I’m pretty sure that in most cases the system can bring the browser to the foreground when an app launches a URI through the shell.

I can’t speak entirely to the claim that it’s easy for any app to steal passwords from the system browser on the desktop, but just from a usability point of view, letting the user access their already signed-in state and have standard access to their in-browser or 3rd-party stored passwords is really nice.

I do realize that it’s more complicated on desktop than on mobile, but I think the way the winds are blowing is toward in-browser auth.