Hello,

SharedWorker seems to be the only way to store OAuth 2.0 access tokens 
securely in browser sessions and share them between tabs.

See for example the best practices described here: 
https://auth0.com/docs/secure/security-guidance/data-security/token-storage

Any other solutions (e.g. using sessionStorage) either expose the access 
token to XSS attacks or do not allow sharing it between tabs (in-memory 
storage in JavaScript closures).

Best,
Thomas Danecker

xxai art wrote on Wednesday, April 3, 2024 at 16:27:11 UTC+2:

> I used SharedWorker to reuse websocket connections, 
> and then I found that Chrome on Android does not support this (but Firefox 
> does)
>
> On Friday, March 8, 2024 at 08:23:58 UTC+8, Christian Stewart wrote:
>
>> All,
>>
>> On Friday, October 20, 2023 at 2:01:30 AM UTC-7 Kenji Baheux wrote:
>>
>> Things are a bit different these days. That said, there are other interop 
>> requests that compete for the team's bandwidth, besides their main projects. 
>> The other requests have clearer signals of impact *at the moment*.
>>  
>>
>>  What is the reason SharedWorker should be desktop-only when every other 
>> browser is able to ship it on mobile?
>>
>>
>> To be clear, no one said that SharedWorker should be desktop-only.
>> This is not an if, it's a when.
>>
>>
>> SharedWorker is powerful for sharing resources (connections) between 
>> multiple tabs.
>>
>> At the moment I am facing adding unnecessary complexity with leader 
>> election and broadcast channels specifically for the Android Chrome browser 
>> to emulate SharedWorker as currently it is the only major browser to not 
>> support this:  https://caniuse.com/sharedworkers - while Firefox Mobile 
>> and Safari Mobile both support it.
>>
>> I understand that this feature competes for time with other more 
>> important requests.
>>
>> With that in mind, I'd like to politely request that this issue be 
>> re-visited soon, so that we can avoid having to implement complex 
>> workarounds for lack of SharedWorker on Chrome for Android, and unlock the 
>> performance improvements of cross-tab resource sharing on mobile.
>>
>> Thanks!
>> Christian Stewart
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/0fe903c6-d1f1-41cd-9790-ecec8f5f15bcn%40chromium.org.
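
The token-in-SharedWorker pattern from the top message, sketched as an added example that is not code from this thread or from any project named in it. The file name, `API_ORIGIN`, and the message shapes (`setToken`, `fetch`) are assumptions made for illustration.

```javascript
// shared-worker.js (hypothetical file name). The token lives only in this
// worker's scope; tabs receive API responses, never the token itself.
const API_ORIGIN = "https://api.example.test"; // assumed API origin (placeholder)
let accessToken = null;                         // never posted to any port

// Validate a tab's request and build the fetch arguments, or return null to refuse.
function buildAuthorizedRequest(msg) {
  if (!accessToken || !msg || typeof msg.path !== "string") return null;
  let url;
  try { url = new URL(msg.path, API_ORIGIN); } catch { return null; }
  // Refuse anything that resolves off the API origin (e.g. "//other.test/x"),
  // otherwise a script in a tab could have the worker send the token elsewhere.
  if (url.origin !== API_ORIGIN) return null;
  const method = ["GET", "POST", "PUT", "DELETE"].includes(msg.method) ? msg.method : "GET";
  return {
    url: url.href,
    init: {
      method,
      body: method === "GET" ? undefined : msg.body,
      headers: { Authorization: `Bearer ${accessToken}` },
    },
  };
}

// Handle one message from a tab; the reply never includes the token.
async function handleMessage(msg, fetchImpl = globalThis.fetch) {
  if (msg && msg.type === "setToken" && typeof msg.token === "string") {
    accessToken = msg.token; // sent once by the tab that completed the OAuth flow
    return { id: msg.id, ok: true };
  }
  const req = msg && msg.type === "fetch" ? buildAuthorizedRequest(msg) : null;
  if (!req) return { id: msg && msg.id, ok: false, error: "refused" };
  const res = await fetchImpl(req.url, req.init);
  return { id: msg.id, ok: res.ok, status: res.status, body: await res.text() };
}

// Wire up only when running as a SharedWorker; each tab connects through its own port.
if (typeof self !== "undefined" && "onconnect" in self) {
  self.onconnect = (e) => {
    const port = e.ports[0];
    port.onmessage = async (ev) => port.postMessage(await handleMessage(ev.data));
  };
}
```

A tab would connect with `new SharedWorker("shared-worker.js")` and exchange these messages over `worker.port`.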
