Security changes to the Alloy Embedded Framework (AEF)

Ryan Walpole Enterprises has been constantly working at improving the user experience for authenticating with Ryan Walpole Enterprises. It began with us adding extended sign in options to help make signing in to RWE in certain apps and services easier, quicker and more secure. Since then, we have added a whole new sign in experience for connected applications that makes it more clear what the application has access to within your account.

We have also been working behind the scenes at creating better security systems to help keep RWE accounts safe and from compromise. Today we are extending these efforts to the Alloy Embedded Framework (AEF). Alloy Embedded Framework includes the AlloyWebView as well as AEF objects in .NET, UWP, XamarinAEF and more.

What’s changing?
As of August 1, 2021, any Alloy Embedded Framework browser object will no longer (by default) be able to access certain authentication pages pertaining to RWE sign in. This includes signing in to RWE and authenticating apps and services to use RWE accounts. Currently, we already prevent users from signing in if they are using a browser or app that we cannot deem secure, out of respect for your account security. This change will extend this to AEF browsers or apps and therefore users of those apps and browsers.

When trying to sign in to RWE, whether to authorise an application or just to sign in, by default users will be greated with the following sign in page:

Developers: How to avoid this?
We totally understand that this will break a lot of applications. This is why we are giving developers until August 1, 2021 to register their application as RWE-Safe. Developers will be able to debug their applications with AEF without interruption. This only affects fully compiled builds.

To register your application as RWE-Safe, you will need to submit a form via the RWE Developer Dashboard.