Just tested my OpenID Connect Session Management implementation with Safari 12.0.1 and it works like a charm.
On Thu, Nov 22, 2018 at 8:09 PM George Fletcher <gffletch= [email protected]> wrote:

> My understanding is that cookies are not blocked on redirects
> (IPT2/Safari) but I haven't done extensive testing. So from a full-page
> redirect perspective there should be no issues, from a hidden iframe I'm
> not sure... but I believe it will work.
>
> On 11/21/18 11:49 PM, Torsten Lodderstedt wrote:
>
> Hi George,
>
> On 20.11.2018 at 22:15, George Fletcher <[email protected]> wrote:
>
> OIDC provides a "prompt=none" mechanism that allows the browser app to
> request a new token in a hidden iframe. OAuth2 doesn't describe this flow.
> Note that full authentications of users should NOT happen in iframes due to
> click-jacking attacks.
>
> Does this still work reliably given the limitations imposed by the browser's
> 3rd party cookie policies?
>
> kind regards,
> Torsten.
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
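A sketch of the client-side logic this thread is about, added here as an example and not code from any participant: build the `prompt=none` request for the hidden iframe, then classify the callback so that a missing session (which is how a blocked third-party cookie appears to the OP) falls back to a full-page redirect instead of a framed login. The endpoint, client ID, redirect URI and function names are constructed placeholders.

```javascript
// Added example. All config values are constructed placeholders; state and
// nonce must be fresh random values generated by the caller per request.
const cfg = {
  authorizationEndpoint: 'https://op.example/authorize',
  clientId: 'demo-client',
  redirectUri: 'https://app.example/silent-callback',
  scope: 'openid',
};

// OIDC Core error codes that mean "cannot complete without showing UI".
const NEEDS_INTERACTION = new Set([
  'login_required', 'interaction_required',
  'consent_required', 'account_selection_required',
]);

// silent=true  -> URL for the hidden iframe (prompt=none, OP shows no UI).
// silent=false -> URL for a top-level navigation (interactive login).
function buildAuthUrl(c, { state, nonce, silent }) {
  const u = new URL(c.authorizationEndpoint);
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('client_id', c.clientId);
  u.searchParams.set('redirect_uri', c.redirectUri);
  u.searchParams.set('scope', c.scope);
  u.searchParams.set('state', state);
  u.searchParams.set('nonce', nonce);
  if (silent) u.searchParams.set('prompt', 'none');
  return u.toString();
}

// Decide what to do with the URL the iframe was redirected back to.
function classifyCallback(callbackUrl, expectedState) {
  const u = new URL(callbackUrl);
  // Parameters arrive in the query (code flow) or the fragment.
  const p = new URLSearchParams(u.hash ? u.hash.slice(1) : u.search);
  if (p.get('state') !== expectedState) {
    return { action: 'reject', reason: 'state_mismatch' };
  }
  const error = p.get('error');
  if (error) {
    // No usable session in the iframe: log in with a full-page redirect,
    // never inside the frame (click-jacking).
    return NEEDS_INTERACTION.has(error)
      ? { action: 'top_level_redirect', reason: error }
      : { action: 'reject', reason: error };
  }
  const code = p.get('code');
  return code ? { action: 'exchange_code', code }
              : { action: 'reject', reason: 'no_code' };
}
```

On `top_level_redirect`, the page would navigate `window.top` to `buildAuthUrl(cfg, { state, nonce, silent: false })` with a new state and nonce.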
