> you click a link in an app, it opens in an in-app web view where you're not logged in
But you could be. You could log in from the in-app web view, and it would be remembered and compartmentalised in that app, so that next time you click a link you’re logged in.
Nowadays most providers (and IT teams managing SSO) log out stale sessions quickly, so by the time he clicked another link to it in Slack he'd probably be logged out, again.
It really is a bad user experience all around.
If it happened that fast, then logging in outside the in-app browser wouldn’t make much of a difference, you’d have to be constantly doing it anyway.
I could be, but I'm not. And I don't want to compartmentalize logins to Slack.
To be clear, what I meant is that the logins inside the in-app browser do not affect the other in-app browsers and the main browser. I understand this is not your preferred solution, but it is a way to make the situation suck less.
This sounds like a fantastic way to get phished.
That makes no sense. Are you getting phished from clicking a link someone you know posted in your internal company Slack? And use a password manager, those make sure the domain is correct.
Every app and their mom uses the webview bullshit - it's not just your work slack.
Now you're logging into the same thing in multiple different places. Obviously, the odds of you getting phished go up significantly.