Any cookie? What about a Secure cookie limited to a specific sub-domain? What are the concerns about cookies? I think this would be helpful to discuss.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Marius Scurtescu > Sent: Monday, July 11, 2011 3:15 PM > To: Doug Tangren > Cc: [email protected] > Subject: Re: [OAUTH-WG] best practices for storing access token for implicit > clients > > On Thu, Jun 30, 2011 at 12:45 PM, Doug Tangren <[email protected]> > wrote: > > What is the current recommended practice of storing an implicit > > client's access_tokens? LocalStorage, im mem and re-request auth on > > every browser refresh? > > Both sound reasonable. I think most important is how NOT to store it, in a > cookie. > > Marius > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
