> > So then you could set a third-party cookie from Sling, i.e. a cookie > that is set for a different domain, matching whathever the google auth > endpoint is. Would that work? >
I tested with the setCookie method and the same cookie was returned from Google. So can I use that method? On Mon, Jun 25, 2018 at 3:52 PM, Robert Munteanu <[email protected]> wrote: > On Mon, 2018-06-25 at 15:50 +0530, Hasini Witharana wrote: > > > > > > 'Sent from the user' -> I assume that's sent from the user's > > browser, > > > but to whom? To the Authorization endpoint? And is that supposed to > > be > > > set by the Relying Party? > > > > > > > Sent from users's browser to Google's authorization endpoint. Relying > > party > > need to do the state validation hence I think RP should set the > > cookie > > value. > > So then you could set a third-party cookie from Sling, i.e. a cookie > that is set for a different domain, matching whathever the google auth > endpoint is. Would that work? > > Robert > -- *Hasini Witharana* Undergraduate | Department of Computer Science and Engineering University of Moratuwa Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
